OK, thanks again. JNDIRealm cool! That was another question that I was going
to ask is if it is possible to have it query an LDAP directory for the
password information. I'll have to take a look at that. JDBCRealm never
seemed like a good idea to me considering most SQL connections aren't
encrypted. Hopefully JNDIRealm uses SSL. I'm wondering if the role
information has to be stored in the directory? I'll see if I can find the
docs...
Thanks, Jon
----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: "Tomcat User List" <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 3:19 PM
Subject: Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having
to restart?
>
>
> On Thu, 16 Aug 2001, Jonathan Eric Miller wrote:
>
> > Does anyone know if there is a way to tell Tomcat 4 to reload the
> > tomcat-users.xml file?
> >
>
> No, although it would be technically feasible to implement somethng.
>
> > I want to give users the ability to change their passwords without
having to
> > restart Tomcat in order for the changes to take affect. I was able to
this
> > with Apache Web Server without a problem because it apparently
continuously
> > checks that file to see if it has changed. Tomcat doesn't seem to do
that.
> >
>
> If you want to do this, you really want to be storing your users in a
> database and using JDBCRealm, or a directory server and using
> JNDIRealm. The tomcat-users.xml file is there primarily as the minimum
> level of stuff necessary to use container-managed security - it is not
> designed for use as the production means for storing usernames.
>
> > Also, I'm wondering if there are plans to make it so that the passwords
in
> > this file are encrypted?
> >
> > Jon
> >
> >
> >
>
> Craig
>
>
>
