Re: Problems with tomcat-users.xml

Tue, 10 Oct 2023 09:58:12 -0700 

On 10/10/2023 13:03, Mark Linton wrote:

Hello Tomcat users.

Is there a forum (like a webpage that we can search for previous
questions?)...


lists.apache.org


I am experiencing an issue with logging on to the manager and hosts
webpage(s).


What issue?


Please see the tomcat-users.xml attached:


<snip/>


*Tomcat-users.xml*


Comments removed.


<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml";
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
               xsi:schemaLocation="http://tomcat.apache.org/xml
tomcat-users.xsd"
         version="1.0">

<tomcat-users>
   <role rolename="tomcat"/>
   <role rolename="role1"/>
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <role rolename="manager-jmx"/>
   <role rolename="manager-script"/>
   <role rolename="manager-status"/>
   <user username="admin" password="12345"
roles="tomcat,admin-gui,manager-gui"/>
   <user username="it" password="12345"
roles="tomcat,admin-gui,manager-gui"/>
   <user username="admin1"
password="cfcebdf6c88c1c6b12e5faa632668b02c27be23a60d61b04f3dd4db5a5e145b8$1$32e07b40035aa8e6bd724b8a84476ab77f4e802f53fe2b8bb219ecf01ff08071"
roles="tomcat,admin-gui,manager-gui"/> (*This line is using the sha-256
encryption - testing this vs plain text*)


Whether than will work or not will depend on the Realm configuration.


   <user username="tomcat" password="12345" roles="tomcat"/>
   <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
    <user username="role1" password="<must-be-changed>" roles="role1"/>
Unless those passwords are changed, Tomcat will not be able to parse this file. The use of "<" and ">" is deliberate to break the file and force you to change them. 


   <user username="admin2"
password="cfcebdf6c88c1c6b12e5faa632668b02c27be23a60d61b04f3dd4db5a5e145b8$1$32e07b40035aa8e6bd724b8a84476ab77f4e802f53fe2b8bb219ecf01ff08071"
roles="tomcat,admin-gui,manager-gui"/>
   <user username="TomcatAdmin" password="12345" roles="manager-gui"/>
</tomcat-users>
Also, keep in mind the manager and host-manager are only accessible from localhost be default. 

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to