I was able to set up Tomcat 8.0.35 to use a SHA hashed password in
tomcat-users.xml (trying to secure the Manager app a bit more), but the same
setup does not work on 8.5.5.
Is there something I need to change to get this to work again?
server.xml engine:
<Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="3" lockOutTime="600" cacheSize="1000"
         cacheRemovalWarningTime="3600">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>
  <Host name="localhost" appBase="webapps"
        unpackWARs="true" autoDeploy="true" deployXML="true">
    <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA" />
    <Valve className="org.apache.catalina.valves.AccessLogValve"
           directory="logs"
           prefix="localhost_access_log" suffix=".txt"
           pattern="%h %l %u %t &quot;%r&quot; %s %b" />
Command to generate hash that was used as the user’s password in
tomcat-users.xml:
/usr/local/tomcat/bin/digest.sh -a SHA my_password
In 8.5.5, I can log in to Manager if I replace the SHA hash with the plaintext
version of the password…
I read through https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but
still can’t get it to work.
Thank you,
Brian
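
Added example, not part of the original message: in the Tomcat 8.5 Realm documentation linked above, the digest algorithm is configured on a CredentialHandler nested inside the Realm rather than through the Realm's digest attribute. The fragment below shows the Host-level MemoryRealm from the post in both styles; the user name and the password placeholder are constructed for illustration.

```xml
<!-- server.xml, inside <Host name="localhost" ...> -->

<!-- 8.0.x style, as posted: algorithm set on the Realm itself -->
<!-- <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA" /> -->

<!-- 8.5.x style: algorithm set on a nested CredentialHandler.
     algorithm="SHA" matches the hash produced by "digest.sh -a SHA";
     the value here must agree with the -a value used to generate the hash. -->
<Realm className="org.apache.catalina.realm.MemoryRealm">
  <CredentialHandler
      className="org.apache.catalina.realm.MessageDigestCredentialHandler"
      algorithm="SHA" />
</Realm>

<!-- conf/tomcat-users.xml: the password attribute holds the digest.sh output.
     "admin" and DIGEST_OUTPUT_PLACEHOLDER are constructed placeholders. -->
<user username="admin"
      password="DIGEST_OUTPUT_PLACEHOLDER"
      roles="manager-gui" />
```

A Realm nested in a Host takes precedence over the Engine-level Realm for that host, so the CredentialHandler belongs on whichever Realm actually authenticates the Manager application.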