How can we change the default username/password Tomcat ships with?
Various areas of Tomcat are secured to prevent unauthorized access, such as the Probe utility. mrc highly recommends changing the default username and password. You can change this information by modifying the following file: /m-power/tomcat/conf/tomcat-users.xml. Simply change references of mrcuser and save the file. Then, open mrctool.properties, found in m-power/proddata/conf. At the bottom of the file, add two new properties: tomcat_user and tomcat_password. Then, enter the values for the new user and password you just set, so it looks like:
tomcat_user=mySecretUser tomcat_password=someSecurePassword
Implementation
- In m-Power, navigate to Admin -> Legacy Admin -> Users Menu & Security -> Encrypt Password
- Enter in the plain text value and press “Generate Encrypted Password”
- Copy password and paste into the tomcat-users.xml file. This file can be found in /tomcat/conf. Replace the existing password
- In /tomcat/conf, edit the server.xml file. Look for the following:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
- Replace that line with this:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"> <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" /> </Realm>
- Save and restart Tomcat
Once done, save this file and restart Tomcat to secure Tomcat screens with your new credentials.