You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Paquin, Brian" <br...@yale.edu> on 2016/09/14 19:40:28 UTC
Using hashes in tomcat-users.xml
I was able to setup Tomcat 8.0.35 to use a SHA hashed password in tomcat-users.xml (trying to secure the Manager app a bit more), but the same setup does not work on 8.5.5.
Is there something I need to change to get this to work again?
server.xml engine:
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="600" cacheSize="1000" cacheRemovalWarningTime="3600">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true" deployXML="true">
<Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
Command to generate hash that was used as the user’s password in tomcat-users.xml:
/usr/local/tomcat/bin/digest.sh -a SHA my_password
In 8.5.5, I can login to Manager if I replace the SHA hash with the plaintext version of the password…
I read through https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but still can’t get it to work.
Thank you,
Brian
Re: Using hashes in tomcat-users.xml
Posted by Coty Sutherland <cs...@redhat.com>.
You could also take a look at tomcat-vault
(https://github.com/picketbox/tomcat-vault).
On Wed, Sep 14, 2016 at 5:37 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Brian,
>
> On 9/14/16 3:40 PM, Paquin, Brian wrote:
>> I was able to setup Tomcat 8.0.35 to use a SHA hashed password in
>> tomcat-users.xml (trying to secure the Manager app a bit more),
>> but the same setup does not work on 8.5.5.
>>
>> Is there something I need to change to get this to work again?
>
> Yes.
>
>> server.xml engine: <Engine name="Catalina"
>> defaultHost="localhost"> <Realm
>> className="org.apache.catalina.realm.LockOutRealm" failureCount="3"
>> lockOutTime="600" cacheSize="1000" cacheRemovalWarningTime="3600">
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> resourceName="UserDatabase"/> </Realm> <Host name="localhost"
>> appBase="webapps" unpackWARs="true" autoDeploy="true"
>> deployXML="true"> <Realm
>> className="org.apache.catalina.realm.MemoryRealm" digest="SHA" />
>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs" prefix="localhost_access_log" suffix=".txt"
>> pattern="%h %l %u %t "%r" %s %b" />
>>
>> Command to generate hash that was used as the user’s password in
>> tomcat-users.xml: /usr/local/tomcat/bin/digest.sh -a SHA
>> my_password
>>
>> In 8.5.5, I can login to Manager if I replace the SHA hash with
>> the plaintext version of the password…
>>
>> I read through
>> https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but
>> still can’t get it to work.
>
> Have a look at http://tomcat.apache.org/migration-85.html,
> specifically http://tomcat.apache.org/migration-85.html#Internal_APIs
>
> Note that SHA passwords are no better than plaintext passwords. If you
> want to *actually* add some security, you need to at least use salted
> passwords. Better yet, use a PBKDF.
>
> You might want to have a look at this presentation:
> http://people.apache.org/~schultz/ApacheCon%20NA%202016/Seamless%20Upgra
> des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX2cL/AAoJEBzwKT+lPKRYm7AP/jW9ux3JM/zsSJjPymE/xPMw
> /mpI1Jh2kCViRA+wF9vWcuuHN/T/ib5MwinYdZnqwvtddRQUoBY5jKKcjieJWhFo
> UwdSZGmXGHOtJMyB+9DPIo17HuuSmxMNXDILCAaMd8pXvKZgsPJv4x9/lPC5uHyJ
> SpSJ9vcc6NKDzQq8AV/F9Q17HCaGPkl1Vi2d+Sbpvcm5vdqgKcDlGcOe6exUlIWP
> pMiOkvo+hEG77WpGKz1E2C0gBz3O1vs2AKwzWP3gmh10NinUNvfzPY9iqAylFNAq
> c5Mk+rvliCcQWss+O54IfbVO2dYElbcy3hktn4X7h1UOxSuw6qGJ3HeKsUBKlIho
> 5rL9J8nwkF+lechxVgdh4Q8CWJVZ5AsicmwMnd88o00TG8fO0XAb3oM496I0meLg
> xeiOTexg8S0RPLVFnCQ8mckaeTVzooLzuezJLAXO4YUnEZJHPrehR+ZL8Oblk6Fa
> 102AA+LFpCkW1L0JEFMrpCzmEc3Ue6VMVPeNorfTv/u2MBFfM+hpR0kmeDURUoA8
> C+i0Z4GHxRVL7M96ba2Irxs4eNkCV2v9IvCsgnz3LTXKuAggd/6dCTEPYEkE2sTO
> Tju+To9xWVudj6gwmya7SfNeKxb4PECBP4NgD5uRoljNDJNW1Eu80m7C2cxRGao8
> LXmKRsuWXsrTt6OOA9wZ
> =2Z2D
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using hashes in tomcat-users.xml
Posted by "Paquin, Brian" <br...@yale.edu>.
> On Sep 27, 2016, at 4:38 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Brian,
>
> Your email was tough to parse-out of the thread, so I'm going to
> heavily edit-down the text. I hope I didn't miss anything.
>
> On 9/25/16 9:06 PM, Paquin, Brian wrote:
>> I tried using the following in server.xml: <Realm
>> className="org.apache.catalina.realm.UserDatabaseRealm"
>> resourceName="UserDatabase"> <CredentialHandler
>> className="org.apache.catalina.realm.MessageDigestCredentialHandler"
>> algorithm="SHA-256" iterations=“24680" saltLength="18" /> </Realm>
>>
>> And then using: /usr/local/tomcat/bin/digest.sh -a SHA-256 -i 24680
>> -s 18 secret_password
>>
>> And got back:
>> secret_password:9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b
> 26w91729qfc3786d74ac95223e092faf996500dc532a74905
>>
>> I then added that to my tomcat-users.xml: <user
>> username=“my_username"
>> password="9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w917
> 29qfc3786d74ac95223e092faf996500dc532a74905"
>> roles=“manager-gui,admin,admin-gui”/>
>>
>> After stopping and starting Tomcat, manager asks for credentials
>> but does not accept them. What have I got wrong?
>
> Is it still accepting them if you put the plaintext version of the
> password into tomcat-users.xml?
I was able to get SHA-256 (with salt and iterations) working today - I had nested realms that were not working correctly.
>
>> (I was hoping to use PBKDF2 but it did not appear that digest.sh
>> would accept PBKDF2 as an algorithm.)
>
> Try using "PBKDF2WithHmacSHA1" as the algorithm.
To be clear - I use PBKDF2WithHmacSHA1 in both server.xml and in the digest.sh, right?
Thank you, Brian
>
> [1]
> https://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html#S
> ecretKeyCredentialHandler
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX6tjUAAoJEBzwKT+lPKRYMDUP/jLzRdR2tjsYAE5oRF87gtq7
> AJpxY19s2phoUFq9r5fMX4TL5eKCTqzonvqkwA6PcyOPjqK47lubnJWrHXEnyEFR
> JCv0HM/8gYuKc5TJBbM2uOMJJhhXlOjmrQNHtwjCNU/pCzHtPfJdmiKDbtG39r/T
> pWqG/SZrxmxupgPDnGeEEnp4azc5Wml0UP1KEHr+M2OCR2DZugRUi10MoDwPD+uV
> WQ0suCztjYCU0MB98b6EHTZogl9xpRZaSj4MyAqmzQIr3bbuFAL5R886UEHMrJ0Z
> ncbt8IqvyBoY6RFN8gqZDzRlCUjYB7mDz0swzU4Qptfvft51qQwgQp1LmZ9TZSfv
> HKNMp8LOMIigzTwWxX/VrRksXlV+itl94IbbgVOrBLQ3sRMq+bg8uwmgZCY0Q46O
> AgY4wEra5K4JJntJTSx0ttCrpgwP1r1MNdg8D2dQAPh7QBJ3X0NLApZ5aAnfpYJy
> ar4iSSEx90meCrsukZcmOicqxaJ63vXbUqYuTTVlVm1N48J61wRMmQuNS2tPoMgH
> nrPl/67xNwA+4iSe1pu1Hu0GVBPTGdWTgO4tOSupVhjS63OqXDxPOTlANgqGM7xW
> PCk/gjtwRR4VK3caV7T+hZiHbyGZqyRlAVwA6J9cw0ASS4+1ZQYLwbBB0jOE4y0y
> akjETJUf5x+5qyq0BWqA
> =g6Ib
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Re: Using hashes in tomcat-users.xml
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Brian,
Your email was tough to parse-out of the thread, so I'm going to
heavily edit-down the text. I hope I didn't miss anything.
On 9/25/16 9:06 PM, Paquin, Brian wrote:
> I tried using the following in server.xml: <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"> <CredentialHandler
> className="org.apache.catalina.realm.MessageDigestCredentialHandler"
> algorithm="SHA-256" iterations=\u201c24680" saltLength="18" /> </Realm>
>
> And then using: /usr/local/tomcat/bin/digest.sh -a SHA-256 -i 24680
> -s 18 secret_password
>
> And got back:
> secret_password:9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b
26w91729qfc3786d74ac95223e092faf996500dc532a74905
>
> I then added that to my tomcat-users.xml: <user
> username=\u201cmy_username"
> password="9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w917
29qfc3786d74ac95223e092faf996500dc532a74905"
> roles=\u201cmanager-gui,admin,admin-gui\u201d/>
>
> After stopping and starting Tomcat, manager asks for credentials
> but does not accept them. What have I got wrong?
Is it still accepting them if you put the plaintext version of the
password into tomcat-users.xml?
> (I was hoping to use PBKDF2 but it did not appear that digest.sh
> would accept PBKDF2 as an algorithm.)
Try using "PBKDF2WithHmacSHA1" as the algorithm.
[1]
https://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html#S
ecretKeyCredentialHandler
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJX6tjUAAoJEBzwKT+lPKRYMDUP/jLzRdR2tjsYAE5oRF87gtq7
AJpxY19s2phoUFq9r5fMX4TL5eKCTqzonvqkwA6PcyOPjqK47lubnJWrHXEnyEFR
JCv0HM/8gYuKc5TJBbM2uOMJJhhXlOjmrQNHtwjCNU/pCzHtPfJdmiKDbtG39r/T
pWqG/SZrxmxupgPDnGeEEnp4azc5Wml0UP1KEHr+M2OCR2DZugRUi10MoDwPD+uV
WQ0suCztjYCU0MB98b6EHTZogl9xpRZaSj4MyAqmzQIr3bbuFAL5R886UEHMrJ0Z
ncbt8IqvyBoY6RFN8gqZDzRlCUjYB7mDz0swzU4Qptfvft51qQwgQp1LmZ9TZSfv
HKNMp8LOMIigzTwWxX/VrRksXlV+itl94IbbgVOrBLQ3sRMq+bg8uwmgZCY0Q46O
AgY4wEra5K4JJntJTSx0ttCrpgwP1r1MNdg8D2dQAPh7QBJ3X0NLApZ5aAnfpYJy
ar4iSSEx90meCrsukZcmOicqxaJ63vXbUqYuTTVlVm1N48J61wRMmQuNS2tPoMgH
nrPl/67xNwA+4iSe1pu1Hu0GVBPTGdWTgO4tOSupVhjS63OqXDxPOTlANgqGM7xW
PCk/gjtwRR4VK3caV7T+hZiHbyGZqyRlAVwA6J9cw0ASS4+1ZQYLwbBB0jOE4y0y
akjETJUf5x+5qyq0BWqA
=g6Ib
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using hashes in tomcat-users.xml
Posted by "Paquin, Brian" <br...@yale.edu>.
On Sep 14, 2016, at 5:37 PM, Christopher Schultz <ch...@christopherschultz.net>> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Brian,
On 9/14/16 3:40 PM, Paquin, Brian wrote:
I was able to setup Tomcat 8.0.35 to use a SHA hashed password in
tomcat-users.xml (trying to secure the Manager app a bit more),
but the same setup does not work on 8.5.5.
Is there something I need to change to get this to work again?
Yes.
server.xml engine: <Engine name="Catalina"
defaultHost="localhost"> <Realm
className="org.apache.catalina.realm.LockOutRealm" failureCount="3"
lockOutTime="600" cacheSize="1000" cacheRemovalWarningTime="3600">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/> </Realm> <Host name="localhost"
appBase="webapps" unpackWARs="true" autoDeploy="true"
deployXML="true"> <Realm
className="org.apache.catalina.realm.MemoryRealm" digest="SHA" />
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
Command to generate hash that was used as the user’s password in
tomcat-users.xml: /usr/local/tomcat/bin/digest.sh -a SHA
my_password
In 8.5.5, I can login to Manager if I replace the SHA hash with
the plaintext version of the password…
I read through
https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but
still can’t get it to work.
Have a look at http://tomcat.apache.org/migration-85.html,
specifically http://tomcat.apache.org/migration-85.html#Internal_APIs
Note that SHA passwords are no better than plaintext passwords. If you
want to *actually* add some security, you need to at least use salted
passwords. Better yet, use a PBKDF.
I tried using the following in server.xml:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-256" iterations=“24680" saltLength="18" />
</Realm>
And then using:
/usr/local/tomcat/bin/digest.sh -a SHA-256 -i 24680 -s 18 secret_password
And got back:
secret_password:9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w91729qfc3786d74ac95223e092faf996500dc532a74905
I then added that to my tomcat-users.xml:
<user username=“my_username" password="9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w91729qfc3786d74ac95223e092faf996500dc532a74905" roles=“manager-gui,admin,admin-gui”/>
After stopping and starting Tomcat, manager asks for credentials but does not accept them.
What have I got wrong?
(I was hoping to use PBKDF2 but it did not appear that digest.sh would accept PBKDF2 as an algorithm.)
Brian
You might want to have a look at this presentation:
http://people.apache.org/~schultz/ApacheCon%20NA%202016/Seamless%20Upgra
des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org<http://gpgtools.org/>
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJX2cL/AAoJEBzwKT+lPKRYm7AP/jW9ux3JM/zsSJjPymE/xPMw
/mpI1Jh2kCViRA+wF9vWcuuHN/T/ib5MwinYdZnqwvtddRQUoBY5jKKcjieJWhFo
UwdSZGmXGHOtJMyB+9DPIo17HuuSmxMNXDILCAaMd8pXvKZgsPJv4x9/lPC5uHyJ
SpSJ9vcc6NKDzQq8AV/F9Q17HCaGPkl1Vi2d+Sbpvcm5vdqgKcDlGcOe6exUlIWP
pMiOkvo+hEG77WpGKz1E2C0gBz3O1vs2AKwzWP3gmh10NinUNvfzPY9iqAylFNAq
c5Mk+rvliCcQWss+O54IfbVO2dYElbcy3hktn4X7h1UOxSuw6qGJ3HeKsUBKlIho
5rL9J8nwkF+lechxVgdh4Q8CWJVZ5AsicmwMnd88o00TG8fO0XAb3oM496I0meLg
xeiOTexg8S0RPLVFnCQ8mckaeTVzooLzuezJLAXO4YUnEZJHPrehR+ZL8Oblk6Fa
102AA+LFpCkW1L0JEFMrpCzmEc3Ue6VMVPeNorfTv/u2MBFfM+hpR0kmeDURUoA8
C+i0Z4GHxRVL7M96ba2Irxs4eNkCV2v9IvCsgnz3LTXKuAggd/6dCTEPYEkE2sTO
Tju+To9xWVudj6gwmya7SfNeKxb4PECBP4NgD5uRoljNDJNW1Eu80m7C2cxRGao8
LXmKRsuWXsrTt6OOA9wZ
=2Z2D
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org<ma...@tomcat.apache.org>
For additional commands, e-mail: users-help@tomcat.apache.org<ma...@tomcat.apache.org>
[Yale Pathology Logo]
Brian Paquin
Help Desk Support Yale Pathology ITS
---------------------------------------------------
310 Cedar St. BML B50
New Haven, CT 06520
203-785-3691-office
203-785-2403-fax
Re: Using hashes in tomcat-users.xml
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Brian,
On 9/14/16 3:40 PM, Paquin, Brian wrote:
> I was able to setup Tomcat 8.0.35 to use a SHA hashed password in
> tomcat-users.xml (trying to secure the Manager app a bit more),
> but the same setup does not work on 8.5.5.
>
> Is there something I need to change to get this to work again?
Yes.
> server.xml engine: <Engine name="Catalina"
> defaultHost="localhost"> <Realm
> className="org.apache.catalina.realm.LockOutRealm" failureCount="3"
> lockOutTime="600" cacheSize="1000" cacheRemovalWarningTime="3600">
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/> </Realm> <Host name="localhost"
> appBase="webapps" unpackWARs="true" autoDeploy="true"
> deployXML="true"> <Realm
> className="org.apache.catalina.realm.MemoryRealm" digest="SHA" />
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs" prefix="localhost_access_log" suffix=".txt"
> pattern="%h %l %u %t "%r" %s %b" />
>
> Command to generate hash that was used as the user\u2019s password in
> tomcat-users.xml: /usr/local/tomcat/bin/digest.sh -a SHA
> my_password
>
> In 8.5.5, I can login to Manager if I replace the SHA hash with
> the plaintext version of the password\u2026
>
> I read through
> https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but
> still can\u2019t get it to work.
Have a look at http://tomcat.apache.org/migration-85.html,
specifically http://tomcat.apache.org/migration-85.html#Internal_APIs
Note that SHA passwords are no better than plaintext passwords. If you
want to *actually* add some security, you need to at least use salted
passwords. Better yet, use a PBKDF.
You might want to have a look at this presentation:
http://people.apache.org/~schultz/ApacheCon%20NA%202016/Seamless%20Upgra
des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJX2cL/AAoJEBzwKT+lPKRYm7AP/jW9ux3JM/zsSJjPymE/xPMw
/mpI1Jh2kCViRA+wF9vWcuuHN/T/ib5MwinYdZnqwvtddRQUoBY5jKKcjieJWhFo
UwdSZGmXGHOtJMyB+9DPIo17HuuSmxMNXDILCAaMd8pXvKZgsPJv4x9/lPC5uHyJ
SpSJ9vcc6NKDzQq8AV/F9Q17HCaGPkl1Vi2d+Sbpvcm5vdqgKcDlGcOe6exUlIWP
pMiOkvo+hEG77WpGKz1E2C0gBz3O1vs2AKwzWP3gmh10NinUNvfzPY9iqAylFNAq
c5Mk+rvliCcQWss+O54IfbVO2dYElbcy3hktn4X7h1UOxSuw6qGJ3HeKsUBKlIho
5rL9J8nwkF+lechxVgdh4Q8CWJVZ5AsicmwMnd88o00TG8fO0XAb3oM496I0meLg
xeiOTexg8S0RPLVFnCQ8mckaeTVzooLzuezJLAXO4YUnEZJHPrehR+ZL8Oblk6Fa
102AA+LFpCkW1L0JEFMrpCzmEc3Ue6VMVPeNorfTv/u2MBFfM+hpR0kmeDURUoA8
C+i0Z4GHxRVL7M96ba2Irxs4eNkCV2v9IvCsgnz3LTXKuAggd/6dCTEPYEkE2sTO
Tju+To9xWVudj6gwmya7SfNeKxb4PECBP4NgD5uRoljNDJNW1Eu80m7C2cxRGao8
LXmKRsuWXsrTt6OOA9wZ
=2Z2D
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org