Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?

[Jonathan Eric Miller <je...@uchicago.edu>]

Does anyone know if there is a way to tell Tomcat 4 to reload the
tomcat-users.xml file?

I want to give users the ability to change their passwords without having to
restart Tomcat in order for the changes to take affect. I was able to this
with Apache Web Server without a problem because it apparently continuously
checks that file to see if it has changed. Tomcat doesn't seem to do that.

Also, I'm wondering if there are plans to make it so that the passwords in
this file are encrypted?

Jon

Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?

["Craig R. McClanahan" <cr...@apache.org>]

On Thu, 16 Aug 2001, Jonathan Eric Miller wrote:

> OK, thanks again. JNDIRealm cool! That was another question that I was going
> to ask is if it is possible to have it query an LDAP directory for the
> password information. I'll have to take a look at that. JDBCRealm never
> seemed like a good idea to me considering most SQL connections aren't
> encrypted.

True, but not an issue if the database is on the same machine as Tomcat,
or the communications link between Tomcat and the database server is
otherwise protected.

> Hopefully JNDIRealm uses SSL.

Not at present.  Such a capability would be nice to add now that lots of
directory server implementations support it.

> I'm wondering if the role
> information has to be stored in the directory? I'll see if I can find the
> docs...

With the existing implementations of JDBCRealm and JNDIRealm, the answer
is yes.  You could write custom versions of these Realms that did
something different (or looked in a different place).

> 
> Thanks, Jon
> 

Craig


> ----- Original Message -----
> From: "Craig R. McClanahan" <cr...@apache.org>
> To: "Tomcat User List" <to...@jakarta.apache.org>
> Sent: Thursday, August 16, 2001 3:19 PM
> Subject: Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having
> to restart?
> 
> 
> >
> >
> > On Thu, 16 Aug 2001, Jonathan Eric Miller wrote:
> >
> > > Does anyone know if there is a way to tell Tomcat 4 to reload the
> > > tomcat-users.xml file?
> > >
> >
> > No, although it would be technically feasible to implement somethng.
> >
> > > I want to give users the ability to change their passwords without
> having to
> > > restart Tomcat in order for the changes to take affect. I was able to
> this
> > > with Apache Web Server without a problem because it apparently
> continuously
> > > checks that file to see if it has changed. Tomcat doesn't seem to do
> that.
> > >
> >
> > If you want to do this, you really want to be storing your users in a
> > database and using JDBCRealm, or a directory server and using
> > JNDIRealm.  The tomcat-users.xml file is there primarily as the minimum
> > level of stuff necessary to use container-managed security - it is not
> > designed for use as the production means for storing usernames.
> >
> > > Also, I'm wondering if there are plans to make it so that the passwords
> in
> > > this file are encrypted?
> > >
> > > Jon
> > >
> > >
> > >
> >
> > Craig
> >
> >
> >
> 
> 

Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?

[Jonathan Eric Miller <to...@shark.uchicago.edu>]

OK, thanks again. JNDIRealm cool! That was another question that I was going
to ask is if it is possible to have it query an LDAP directory for the
password information. I'll have to take a look at that. JDBCRealm never
seemed like a good idea to me considering most SQL connections aren't
encrypted. Hopefully JNDIRealm uses SSL. I'm wondering if the role
information has to be stored in the directory? I'll see if I can find the
docs...

Thanks, Jon

----- Original Message -----
From: "Craig R. McClanahan" <cr...@apache.org>
To: "Tomcat User List" <to...@jakarta.apache.org>
Sent: Thursday, August 16, 2001 3:19 PM
Subject: Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having
to restart?


>
>
> On Thu, 16 Aug 2001, Jonathan Eric Miller wrote:
>
> > Does anyone know if there is a way to tell Tomcat 4 to reload the
> > tomcat-users.xml file?
> >
>
> No, although it would be technically feasible to implement somethng.
>
> > I want to give users the ability to change their passwords without
having to
> > restart Tomcat in order for the changes to take affect. I was able to
this
> > with Apache Web Server without a problem because it apparently
continuously
> > checks that file to see if it has changed. Tomcat doesn't seem to do
that.
> >
>
> If you want to do this, you really want to be storing your users in a
> database and using JDBCRealm, or a directory server and using
> JNDIRealm.  The tomcat-users.xml file is there primarily as the minimum
> level of stuff necessary to use container-managed security - it is not
> designed for use as the production means for storing usernames.
>
> > Also, I'm wondering if there are plans to make it so that the passwords
in
> > this file are encrypted?
> >
> > Jon
> >
> >
> >
>
> Craig
>
>
>

Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?

["Craig R. McClanahan" <cr...@apache.org>]

On Thu, 16 Aug 2001, Jonathan Eric Miller wrote:

> Does anyone know if there is a way to tell Tomcat 4 to reload the
> tomcat-users.xml file?
> 

No, although it would be technically feasible to implement somethng.

> I want to give users the ability to change their passwords without having to
> restart Tomcat in order for the changes to take affect. I was able to this
> with Apache Web Server without a problem because it apparently continuously
> checks that file to see if it has changed. Tomcat doesn't seem to do that.
> 

If you want to do this, you really want to be storing your users in a
database and using JDBCRealm, or a directory server and using
JNDIRealm.  The tomcat-users.xml file is there primarily as the minimum
level of stuff necessary to use container-managed security - it is not
designed for use as the production means for storing usernames.

> Also, I'm wondering if there are plans to make it so that the passwords in
> this file are encrypted?
> 
> Jon
> 
> 
> 

Craig