On Mon, 23 Jul 2001, Jonathan Eric Miller wrote:
> I noticed that it appears that Tomcat 4 only reads tomcat-users.xml on start
> up. Does anyone know if there is a way to programatically tell Tomcat to
> re-read this file?
>
No, there isn't.
> Basically, I want to have a Web page that allows a user to change their
> password. However, I don't want to have to restart Tomcat in order for the
> change to take affect.
>
You should consider the tomcat-users.xml file to be a
minimal-functionality example of how to make container-managed security
work. For any real application, I would set up a users database, and use
JDBCRealm (which does recognize changes as they happen).
> Also, does anyone know if there is a way to store the passwords crypt
> encrypted instead of in clear-text?
>
See previous response. With JDBCRealm, you can encrypt the passwords
stored in the database.
> Also, what about authentication via LDAP?
>
For Tomcat 4 only, JNDIRealm is also supported, so you can do
authentication and role lookup via LDAP.
> Jon
>
>
>
Craig McClanahan
