> From: Shaw, Mike [mailto:[EMAIL PROTECTED] 
> Subject: User roles
> 
> Our Security group wants me to change the Tomcat 5 
> default password.

There's no such thing as a password for Tomcat itself.  Various webapps
deployed under Tomcat may have security constraints requiring certain
roles, but the default tomcat-users.xml contains no passwords.  The
manager and admin apps do require roles and authentication, of course.

> I know that the role called "tomcat" needs to be in there
> to have the service operate correctly.

Not true; running Tomcat as a service has nothing to do with what's in
the tomcat-users.xml file.

If you're serious about security, you'll discard the default toy <Realm>
and use a real one.  Read up on it here:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

 - Chuck
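
An added example, not part of the original message and not Tomcat project code: a small Python audit of a tomcat-users.xml file that reports which accounts hold the manager or admin roles discussed above and flags empty, username-equal or common passwords. The sample file, the password word list and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample file for this example (not taken from the thread).
SAMPLE = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="deploy" password="Vq7#long-constructed-value" roles="manager"/>
  <user username="admin" password="changeme" roles="admin, manager"/>
  <user username="ops" password="" roles="admin"/>
</tomcat-users>"""

# Roles that the manager and admin webapps require.
PRIVILEGED_ROLES = {"manager", "admin"}
# Illustrative word list (an assumption of this example); extend it locally.
COMMON_PASSWORDS = {"tomcat", "admin", "manager", "password", "changeme", "changeit"}

def audit_users(xml_text):
    """Return one dict per <user> that has a weak password or a privileged role."""
    report = []
    for user in ET.fromstring(xml_text).iter("user"):
        # Some files use name= instead of username= for the login attribute.
        name = user.get("username") or user.get("name") or ""
        password = user.get("password") or ""
        roles = {r.strip() for r in (user.get("roles") or "").split(",") if r.strip()}
        issues = []
        if not password:
            issues.append("empty password")
        elif password.lower() == name.lower():
            issues.append("password equals username")
        elif password.lower() in COMMON_PASSWORDS:
            issues.append("common default password")
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if issues or privileged:
            report.append({"user": name, "privileged": privileged, "issues": issues})
    return report

if __name__ == "__main__":
    for row in audit_users(SAMPLE):
        roles = ",".join(row["privileged"]) or "-"
        issues = "; ".join(row["issues"]) or "none"
        print(f"{row['user']:<8} privileged roles: {roles:<14} issues: {issues}")
```

Accounts that appear with a privileged role and any issue are the ones to fix or remove first; accounts with a privileged role and no issue are still listed so the role grants can be reviewed.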

