Hi Amit, I'm using 3.2 so details may vary. What you want to do is write your own authentication module. Easier than it sounds. Just take a copy of the authentication module you are using (SimpleRealm?) to use as a base for your own code. Add in the functionality you want, compile and include in TOMCAT_HOME/lib/webserver.jar Edit server.xml to use your custom authentication module. Also, I'd recommend you look at JDBCRealm so that you can store usernames and passwords in a database. Quite apart from the other advantages you may then be able to take advantage of the db's encryption facilities (e.g. MySql's Password function) and save yourself the bother of writing your own. Hope this helps Andrew On Wed, 07 Mar 2001, you wrote: > > Hi All, > > I'm using tomcat 4.0 Beta1. > I successfully tested out the form based authentication provided with tomcat. > > But , the main problem with it is : It uses plain text to store users,roles and >passwords > in the "tomcat-users.xml" file placed in TOMCAT_HOME\conf. > > Is there any plugin for tomcat to encrypt the passwords stored in this file ? > or is there any round-about to do so. > > Thanking you in advance. > > With Regards, > -Amit > E-Mail:[EMAIL PROTECTED] > Sansui Software Pvt. Ltd.,Pune > ---------------------------------------- Content-Type: text/html; name="unnamed" Content-Transfer-Encoding: quoted-printable Content-Description: ---------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]