Thanks Chuck - Sorry - yes v5.5, and i am referring to the admin webapp that came with it. I have to allow for end-users that don't want to use LDAP, nor another DB (I know it is stupid). So i was hoping there was a way to make the admin app write the passwords in digest form.
Thanks -Kurt On Wed, 2009-07-22 at 15:05 -0700, Caldarale, Charles R wrote: > > From: Kurt Heberlein [mailto:ku...@3pardata.com] > > Subject: Digested passwords stored in tomcat-users.xml by admin > > application? > > > > is there a way to make the admin application > > If you're referring to the admin application that comes with older > versions of Tomcat, that's a dead end. (Note that you didn't bother > to tell us what version of Tomcat you're using.) > > > Each new user created gets put in the file with a > > cleartext password. > > What file? If you're referring to conf/tomcat-users.xml, you should > not be using that in production. Better to configure a proper <Realm> > with some sort of database or LDAP server behind it: > http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender > and delete the e-mail and its attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
