> From: Ferindo Middleton [mailto:[EMAIL PROTECTED] > Subject: making rules for passwords/handling password > expirations in Tomcat Container Managed security > > Is there a way to configure Tomcat's built-in container managed > security for requiring rules for passwords and implementing > password expiration for non-programmers.
That's not a function of Tomcat, nor should it be. It would be the job of whatever authentication mechanism the Realm you use interacts with. The default MemoryRealm and associated tomcat-users.xml file are toys that are not intended for production use. The other Realms Tomcat supports should be used for real-world security, since they can front-end proper credential storage implementations. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
