Posted to users@tomcat.apache.org by "Shaw, Mike" <MS...@selectmedicalcorp.com> on 2007/12/13 19:22:35 UTC

User roles

Our Security group wants for me to change the Tomcat 5 default password.
I believe that this setting is within the tomcat-users.xml file.  I know
that the role called "tomcat" needs to be in there to have the service
operate correctly.

Could you please provide instructions for changing the default password
to something else and how it affects the service?  I assume that the
service would need to be restarted following adjustments to the XML
file.  Thank you.

Michael Shaw
Programmer
Select Medical Corporation
mshaw@selectmedicalcorp.com



Re: User roles

Posted by Konstantin Kolinko <kn...@gmail.com>.
When the stop command is invoked on Tomcat (catalina), the value of the
shutdown password is read by catalina from the same server.xml
file. So, it just has to be some random string. It is not mentioned
anywhere in the script files.

Of course, the Tomcat instance must be stopped while you change the value.


2007/12/14, Mark H. Wood <mw...@iupui.edu>:
> I wonder if the OP means the shutdown password?  That's in server.xml,
> and the only consequence of changing it that I know of is that your
> shutdown script needs to be kept in sync. with this or it won't work.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
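
An added example, not part of the original thread and not Tomcat's own code: a small Python check for the point made above, that the shutdown string is the `shutdown` attribute of `<Server>` in server.xml and only needs to be some random string. The sample XML, the function names and the 16-character minimum are assumptions made for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

DEFAULT_SHUTDOWN = "SHUTDOWN"  # value shipped in Tomcat's stock server.xml
MIN_LENGTH = 16                # assumed local policy, not a Tomcat requirement

# Constructed sample modelled on a stock server.xml; not taken from the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
  </Service>
</Server>"""


def audit_shutdown(server_xml: str) -> list[str]:
    """Return findings about the shutdown string on the <Server> element."""
    root = ET.fromstring(server_xml)
    if root.tag != "Server":
        raise ValueError("root element is not <Server>")
    # When the attribute is absent, Tomcat falls back to the same default.
    value = root.get("shutdown", DEFAULT_SHUTDOWN)
    findings = []
    if value == DEFAULT_SHUTDOWN:
        findings.append("shutdown string is the shipped default")
    elif len(value) < MIN_LENGTH:
        findings.append(f"shutdown string is shorter than {MIN_LENGTH} characters")
    return findings


def rotate_shutdown(server_xml: str) -> str:
    """Return the server.xml text with a fresh random shutdown string.

    ElementTree drops XML comments, so diff the result against the
    original file before putting it in place.
    """
    root = ET.fromstring(server_xml)
    root.set("shutdown", secrets.token_urlsafe(24))  # 32 URL-safe characters
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(audit_shutdown(SAMPLE_SERVER_XML))
    print(audit_shutdown(rotate_shutdown(SAMPLE_SERVER_XML)))
```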


Re: User roles

Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
I wonder if the OP means the shutdown password?  That's in server.xml,
and the only consequence of changing it that I know of is that your
shutdown script needs to be kept in sync. with this or it won't work.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.


RE: User roles

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Shaw, Mike [mailto:MShaw@selectmedicalcorp.com] 
> Subject: User roles
> 
> Our Security group wants for me to change the Tomcat 5 
> default password.

There's no such thing as a password for Tomcat itself.  Various webapps
deployed under Tomcat may have security constraints requiring certain
roles, but the default tomcat-users.xml contains no passwords.  The
manager and admin apps do require roles and authentication, of course.

> I know that the role called "tomcat" needs to be in there
> to have the service operate correctly.

Not true; running Tomcat as a service has nothing to do with what's in
the tomcat-users.xml file.

If you're serious about security, you'll discard the default toy <Realm>
and use a real one.  Read up on it here:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

 - Chuck


