I was able to setup Tomcat 8.0.35 to use a SHA hashed password in tomcat-users.xml (trying to secure the Manager app a bit more), but the same setup does not work on 8.5.5. Is there something I need to change to get this to work again?
server.xml engine: <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="600" cacheSize="1000" cacheRemovalWarningTime="3600"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" deployXML="true"> <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> Command to generate hash that was used as the user’s password in tomcat-users.xml: /usr/local/tomcat/bin/digest.sh -a SHA my_password In 8.5.5, I can login to Manager if I replace the SHA hash with the plaintext version of the password… I read through https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but still can’t get it to work. Thank you, Brian