You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Theresa Whitney <th...@nisd.net> on 2017/03/31 19:18:41 UTC
changing tomcat default password
I am trying to address a security vulnerability notification for several
servers. We have tomcat6 installed. The notification indicates that I
need to change the default passwords in the admin-users.xml file. When I
view the file it looks like everything is commented out. And there are
several places where a password is set. I have also confirmed that the
tomcat service is running and the only dependencies are for winsock and
tcpip drivers.
I am not familiar with tomcat or making any changes to any configurations.
Can I just change the password in the xml file?
Do I need to stop and restart services and if so, just the tomcat service?
What is affected by stopping and restarting services?
Sorry for my ignorance ... I am a total newbie.
--
Theresa Whitney
Systems Administrator - Server Support
Northside ISD
ph: (210) 397-7727
email: theresa.whitney@nisd.net
RE: changing tomcat default password
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Theresa Whitney [mailto:theresa.whitney@nisd.net]
> Subject: changing tomcat default password
> I am trying to address a security vulnerability notification for several
> servers. We have tomcat6 installed.
Right there is your biggest security problem - Tomcat 6 has reached end of life and may not receive any more fixes. To quote from the "Which version?" page:
"Users of Tomcat 6 should be aware that Tomcat 6 has now reached end of life. Users of Tomcat 6.x should upgrade to Tomcat 7.x or later."
http://tomcat.apache.org/whichversion.html
> The notification indicates that I need to change the default passwords
> in the admin-users.xml file.
No such file is distributed with a standard Tomcat; are you sure you have the right file name? In which directory is it located?
> Can I just change the password in the xml file?
Difficult to say, since it's not part of an official Tomcat.
> Sorry for my ignorance ... I am a total newbie.
As we all were at some point.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
-----Original Message-----
--
Theresa Whitney
Systems Administrator - Server Support
Northside ISD
ph: (210) 397-7727
email: theresa.whitney@nisd.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org