On 10/10/2023 13:03, Mark Linton wrote:
Hello Tomcat users.
Is there a forum (like a webpage that we can search for previous
questions?)...
lists.apache.org
I am experiencing an issue with logging on to the manager and hosts
webpage(s).
What issue?
Please see the tomcat-users.xml attached:
<snip/>
*Tomcat-users.xml*
Comments removed.
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml
tomcat-users.xsd"
version="1.0">
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-script"/>
<role rolename="manager-status"/>
<user username="admin" password="12345"
roles="tomcat,admin-gui,manager-gui"/>
<user username="it" password="12345"
roles="tomcat,admin-gui,manager-gui"/>
<user username="admin1"
password="cfcebdf6c88c1c6b12e5faa632668b02c27be23a60d61b04f3dd4db5a5e145b8$1$32e07b40035aa8e6bd724b8a84476ab77f4e802f53fe2b8bb219ecf01ff08071"
roles="tomcat,admin-gui,manager-gui"/> (*This line is using the sha-256
encryption - testing this vs plain text*)
Whether than will work or not will depend on the Realm configuration.
<user username="tomcat" password="12345" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
Unless those passwords are changed, Tomcat will not be able to parse
this file. The use of "<" and ">" is deliberate to break the file and
force you to change them.
<user username="admin2"
password="cfcebdf6c88c1c6b12e5faa632668b02c27be23a60d61b04f3dd4db5a5e145b8$1$32e07b40035aa8e6bd724b8a84476ab77f4e802f53fe2b8bb219ecf01ff08071"
roles="tomcat,admin-gui,manager-gui"/>
<user username="TomcatAdmin" password="12345" roles="manager-gui"/>
</tomcat-users>
Also, keep in mind the manager and host-manager are only accessible from
localhost be default.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org