On Jul 15, 2013, at 11:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646 <lamont.r.spencer....@stratcom.mil> wrote:
> Dan:

Please don't top post. Reply inline or after to preserve the flow of the conversation.

>
> 1. 7.0.14

This is really old. The security risks from running such an old version are undoubtedly greater than having your manager passwords in plain text in a file that is appropriately secured with OS level permissions.

http://tomcat.apache.org/security-7.html

> 2. attachment.

In the future, please inline your config info. It's easier and quicker to read that way. Plus, the list will sometimes strip off attachments.

> 3. I found these steps online. I am using SHA-1 or SHA-256, trying to.

Most of the realms support the "digest" attribute that you mentioned, but I don't see it listed for the one that you are using.

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#UserDatabase_Realm_-_org.apache.catalina.realm.UserDatabaseRealm

You could try using the MemoryRealm instead. It's very similar to UserDatabaseRealm, but it lists support for the "digest" attribute.

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm

As a side note, I wouldn't suggest using either of these realms in production. For production deployments, you'd be better off using the JDBC or LDAP backed realms.

Dan

>
> THX.
>
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
> Sent: Monday, July 15, 2013 9:31 AM
> To: Tomcat Users List
> Subject: Re: Number of logs files and encrypt manager passwd
>
> On Jul 15, 2013, at 10:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646
> <lamont.r.spencer....@stratcom.mil> wrote:
>
>> To all:
>>
>> I am looking for the file in which to set the number of logs to keep.
>
> You can configure logging in "conf/logging.properties", however the default
> configuration does not offer a way to do what you are asking. It simply
> creates a new log file every day. You would need to manually clean them up
> with a cron job or scheduled task.
>
> Alternatively, you could enable Log4j which automatically cleans up old
> files.
>
> https://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j
>
>> Also I tried to encrypt the manager password to the manager web page. I
>> did the steps with the realm and users file, but when I went to access the
>> page it would not work. When I put the unencrypted passwd back it works.
>
> You're going to need to provide more information here. Start by including
> this.
>
> 1.) What version of Tomcat are you running? Include the whole number, 6.0.x
> or 7.0.x.
>
> 2.) How do you have your realm and users configured? Please include the
> XML configuration, minus comments and any sensitive information.
>
> 3.) Are you trying to use encryption or hashing?
>
> Dan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> <non-plaintext passwords.docx><server xml.ORIGINAL>
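
The symptom discussed in this thread (hashed value in the users file fails, cleartext works) can be reproduced with a simplified model of a realm's credential check. This is an added example, not code from the thread or from Tomcat; the user name, password and helper names are constructed, and the unsalted hex digest format is an assumption about how Tomcat 7 stores digested passwords.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample realm elements (not taken from the poster's server.xml).
REALM_WITH_DIGEST = ('<Realm className="org.apache.catalina.realm.MemoryRealm" '
                     'digest="SHA-256"/>')
REALM_NO_DIGEST = '<Realm className="org.apache.catalina.realm.MemoryRealm"/>'
HEX = set("0123456789abcdefABCDEF")

def hex_digest(cleartext, algorithm):
    """Unsalted hex digest; Java names such as SHA-256 map to hashlib's sha256."""
    name = algorithm.replace("-", "").lower()
    return hashlib.new(name, cleartext.encode("utf-8")).hexdigest()

def users_xml(stored_password):
    """Constructed tomcat-users.xml content with one made-up user."""
    return ('<tomcat-users><user username="admin" password="%s" '
            'roles="manager-gui"/></tomcat-users>' % stored_password)

def authenticate(realm_xml, users, username, presented):
    """Simplified model: the presented password is hashed only when the
    realm element carries a digest attribute, then compared to the stored value."""
    digest = ET.fromstring(realm_xml).get("digest")
    for user in ET.fromstring(users).iter("user"):
        if user.get("username") != username:
            continue
        stored = user.get("password")
        if digest:
            presented, stored = hex_digest(presented, digest), stored.lower()
        return hmac.compare_digest(presented.encode(), stored.encode())
    return False

def diagnose(realm_xml, users):
    """Report stored values whose form does not match the realm's digest setting."""
    digest = ET.fromstring(realm_xml).get("digest")
    findings = []
    for user in ET.fromstring(users).iter("user"):
        pw = user.get("password")
        looks_hashed = len(pw) in (32, 40, 64) and set(pw) <= HEX
        if looks_hashed and not digest:
            findings.append((user.get("username"), "hashed value, realm has no digest"))
        elif digest and not looks_hashed:
            findings.append((user.get("username"), "cleartext value, realm expects " + digest))
    return findings
```
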