top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Tomcat: Visible passwords in realm

+4 votes
324 views

Is there any way to not have the password visible in the realm for example for active directory realm?

posted Nov 20, 2013 by Majula Joshi

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

Check this it should be helpful
https://wiki.apache.org/tomcat/FAQ/Password

answer Nov 20, 2013 by Seema Siddique
Similar Questions
+2 votes

When we register to the site, how is the password stored?

+1 vote

I write my own realm implementation for Tomcat 7.x. In the method Principal authenticate(X509Certificate[] certs) I'd like to read request headers. My authentication would be based on client certificate + custom http request value. Is it possible?

The method authenticate is called in
SSLAuthenticator.authenticate(Request request, HttpServletResponse response, LoginConfig config)

But I do not see that the Request object is passed to realm instance. Is there something similar like WebServiceContext that is used for WS?

...
 @Resource
 WebServiceContext wsctx;
 MessageContext mctx = wsctx.getMessageContext();
 HttpServletRequest request = (HttpServletRequest) 
mctx.get("javax.xml.ws.servlet.request");
...
0 votes

In my web app, I'd like to re-use the (server-wide) Tomcat Realm that is already being used for HTTP Basic authentication but couldn't find a way how to get hold of the actual Realm instance.

I spent quite some time looking for a solution (complicated by the fact that most Google hits actually referred to the LDAP authentication realm) but found none. Is there a "config-file-only" solution or do I need to dig into the Tomcat source code and come up with my own JNDI ObjectFactory to achieve this ?

0 votes

I have the kick start file where my root password is store like

# Root password
rootpw --iscrypted $1$1SItJOAg$UM9n7lRFK1/OCs./rgQtQ/
# System authorization information
auth --useshadow --passalgo=sha512

Is there any way to decrypt the password and get it as plain text. I know single user mode works but my case it in remote site.

0 votes

We are running svn server on linux environment and using Tortoise svn as a client now question is can user have option to change his/her password of svn account or just administrator can reset password for user ?

...