You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Dirk Brockmann <zw...@chaos.gwdg.de> on 2003/09/29 13:21:49 UTC

digesting passwords with the admin tool

Hi List,
I have just installed tomcat-4.1.27 and everything is working
well. For security reasons I was trying to use MD5-digested passwords
by means of the digest="MD5" keyword in the Memory Realm.
Placing a digested password in the tomcat-user.xml file I can 
authenticate myself
for example to use the manager and admin webapps.
However, if I use the admin tool in order to add a new user
the password associated with the new user is written
into the tomcat-user.xml file in clear text and consequently
the new user cannot authenticate because digest="MD5" is defined
in the Realm. Is there any way I can tell the admin tool
to digest the passwords and then write them into the file.
Any help would be greatly appreciated.
Dirk


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: digesting passwords with the admin tool

Posted by Tim Funk <fu...@joedog.org>.

Use JDBC-Realm, JNDI-Realm or another custom realm to achieve the password 
encryption you need. tomcat-user.xml is not meant for serious productional 
usage for maintaining (lots of) users and passwords.

-Tim

Dirk Brockmann wrote:

> Hi List,
> I have just installed tomcat-4.1.27 and everything is working
> well. For security reasons I was trying to use MD5-digested passwords
> by means of the digest="MD5" keyword in the Memory Realm.
> Placing a digested password in the tomcat-user.xml file I can 
> authenticate myself
> for example to use the manager and admin webapps.
> However, if I use the admin tool in order to add a new user
> the password associated with the new user is written
> into the tomcat-user.xml file in clear text and consequently
> the new user cannot authenticate because digest="MD5" is defined
> in the Realm. Is there any way I can tell the admin tool
> to digest the passwords and then write them into the file.
> Any help would be greatly appreciated.
> Dirk
> 
>

Re: digesting passwords with the admin tool

Posted by Tim Funk <fu...@joedog.org>.

Use JDBC-Realm, JNDI-Realm or another custom realm to achieve the password 
encryption you need. tomcat-user.xml is not meant for serious productional 
usage for maintaining (lots of) users and passwords.

-Tim

Dirk Brockmann wrote:

> Hi List,
> I have just installed tomcat-4.1.27 and everything is working
> well. For security reasons I was trying to use MD5-digested passwords
> by means of the digest="MD5" keyword in the Memory Realm.
> Placing a digested password in the tomcat-user.xml file I can 
> authenticate myself
> for example to use the manager and admin webapps.
> However, if I use the admin tool in order to add a new user
> the password associated with the new user is written
> into the tomcat-user.xml file in clear text and consequently
> the new user cannot authenticate because digest="MD5" is defined
> in the Realm. Is there any way I can tell the admin tool
> to digest the passwords and then write them into the file.
> Any help would be greatly appreciated.
> Dirk
> 
>  


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org