Re: Ok the \admin user\password?
--- George Hester [EMAIL PROTECTED] wrote: I downloaded the 4.1.29 Tomcat as a zip. I unzipped and fired Tomcat up. I chose Administrator from the splash page. I was asked for a user name and password. I tried user tomcat and pass tomcat.. Denied. What should I use here? The tomcat-users.xml seems not to be right for if it was I believe user tomcat and password tomcat should have worked. Thanks. By default there are no admin or manager users defined in tomcat-user.xml file. if you want to use the /manager /admin applications you must add an admin user with manager and admin rights: user username=admin password=* roles=manager,admin/ kind regards, = staf homepage: http://staf.patat.org email: [EMAIL PROTECTED] __ Do you Yahoo!? Get better spam protection with Yahoo! Mail. http://antispam.yahoo.com/tools - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Ok the \admin user\password?
Ya ya thanks. -- George Hester __ staf wagemakers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- George Hester [EMAIL PROTECTED] wrote: I downloaded the 4.1.29 Tomcat as a zip. I unzipped and fired Tomcat up. I chose Administrator from the splash page. I was asked for a user name and password. I tried user tomcat and pass tomcat.. Denied. What should I use here? The tomcat-users.xml seems not to be right for if it was I believe user tomcat and password tomcat should have worked. Thanks. By default there are no admin or manager users defined in tomcat-user.xml file. if you want to use the /manager /admin applications you must add an admin user with manager and admin rights: user username=admin password=* roles=manager,admin/ kind regards, = staf homepage: http://staf.patat.org email: [EMAIL PROTECTED] __ Do you Yahoo!? Get better spam protection with Yahoo! Mail. http://antispam.yahoo.com/tools - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Ok the \admin user\password?
I downloaded the 4.1.29 Tomcat as a zip. I unzipped and fired Tomcat up. I chose Administrator from the splash page. I was asked for a user name and password. I tried user tomcat and pass tomcat.. Denied. What should I use here? The tomcat-users.xml seems not to be right for if it was I believe user tomcat and password tomcat should have worked. Thanks. -- George Hester __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: admin user/password
Hi Mike, I had (under Tomcat 3.2 beta 3, Tomcat 3.2 beta 5 and Tomcat 3.2 beta 6) the same problem with contextAdmin.html as you. There are in fact two problems: problem of security (= problem with calling contextAdmin.html) and problem of java.lang.NullPointerException (when you want to see contexts from contextAdmin.html and so on). I found different solutions of these problems. There are 3 "players" in the "game": 1) file conf/server.xml; 2) file webapps/admin/WEB-INF/web.xml; 3) file conf/tomcat-users.xml. What must you do with file server.xml? * You will find context definition for path="/admin" and then you MUST change trusted attribute from trusted="false" to trusted="true". What can you do with file web.xml? * You CAN do one of three alternatives: A) to let web.xml without any change; B) to modify web.xml: to delete security-constraint.../security-constraint and login-config.../login-config inside web.xml, so at web.xml will then remain only 4 lines: ?xml ... ? !DOCTYPE ... web-app /web-app C) to delete (or rename) web.xml. What can you do with file tomcat-users.xml? ** You CAN do one of two alternatives: X) to let tomcat-users.xml without any change; Y) to change tomcat-users.xml: here you have two subalternatives: Y1) to include new user-line with role="admin" into tomcat-users block, for example: user name="mike" password="tinnes" roles="admin" / Y2) to include new role into user "tomcat" user name="tomcat" password="tomcat" roles="tomcat,admin" / And why? Because at web.xml is line role-nameadmin/role-name (if you have not deleted (renamed) or modified file web.xml). But now, I will not difference between alternatives Y1 and Y2, it will be alternative Y. What are the correct combinations of these actions? ** I suppose, that you have correct server.xml. Then you have 5 correct combinations betwen actions for web.xml and tomcat-users.xml. And now, what happens when you call http://localhost:8080/admin/contextAdmin/contextAdmin.html ?? It depends on these combinations: Combination: == behavior: A + Y == displays security window, you fill in and then displays contexAdmin.html and it works correctly; B + X == displays contexAdmin.html and it works correctly; B + Y == displays contexAdmin.html and it works correctly; C + X == displays contexAdmin.html and it works correctly; C + Y == displays contexAdmin.html and it works correctly. I hope it help you. Mirek Subrt "Mike Tinnes" tinnes@ecliptiTo: ctech.com [EMAIL PROTECTED] cc: 24.10.2000 Subject: admin user/password 20:32 Please respond to tomcat-user Hello, How do I determine/change/etc. the username and password for the /admin security context? I've tried the username/passwords from the tomcat-users.xml file, but these must relate to something else. Thanks, Mike
admin user/password
Hello, How do I determine/change/etc. the username and password for the /admin security context? I've tried the username/passwords from the tomcat-users.xml file, but these must relate to something else. Thanks, Mike
RE: admin user/password
Thanks for the reply, but it's still not cooperating.. I've added 'tomcat'
to the web.xml with..
auth-constraint
role-nameadmin/role-name
role-nametomcat/role-name
/auth-constraint
but the login still fails after 3 attempts. I don't have to change the realm
do I?
-Original Message-
From: Joe Emenaker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 5:05 PM
To: [EMAIL PROTECTED]
Subject: Re: admin user/password
Hello,
How do I determine/change/etc. the username and password for the /admin
security context? I've tried the username/passwords from the
tomcat-users.xml file, but these must relate to something else.
I don't know why nobody talks about this. I've seen numerous postings from
people trying to find out the name/password and all of the posts go,
curiously, unanswered.
Since I haven't yet been brought into the conspiracy of silence on this
matter, I'll tell you what I've found out so far.
Your tomcat-users.xml file seems to define the users that tomcat will know
*how* to authenticate. It also defines the "roles" that they're allowed to
participate in. The stock file, I believe, comes with three users ("tomcat",
"role1", and "both") and two roles ("tomcat" and "role1").
Then, in your web.xml in your admin directory, you should find a section
called "auth-constraint". This lists the roles that are allowed to use that
webapp. In my stock tomcat installation, the only role listed was "admin", a
role that WASN'T EVEN LISTED in tomcat-users.xml.
So, it would seem that there's no way to get into the admin webapp in the
default installation.
What bugs me is that, if you enter a valid username/password combination,
tomcat gives no indication that they're valid... it behaves as though the
name/password are invalid. I would have expected that it would come up with
a page that said that I didn't have the appropriate rights for that webapp
or something. Oh well
Anyway, what I ended up doing to get it to work was to add a
role-nametomcat/role-name in the auth-constraint section of the admin
web.xml. Then, I was able to log in as "tomcat"/"tomcat".
Now, lets see if you can help ME. When I go into the contextAdmin servlet
and click on "View All Contexts", I get:
java.lang.NullPointerException:
at ContextAdmin.init(ContextAdmin.java:46)
What do you get?
- Joe
