Modifying Default Tomcat User
How can we change the default username/password Tomcat ships with?
Various areas of Tomcat are secured to prevent unauthorized access, such as the Probe utility. mrc highly recommends changing the default username and password. You can change this information by modifying the following file: /m-power/tomcat/conf/tomcat-users.xml. Simply change references of mrcuser and save the file. Then, open mrctool.properties, found in m-power/proddata/conf. At the bottom of the file, add two new properties: tomcat_user and tomcat_password. Then, enter the values for the new user and password you just set, so it looks like:
tomcat_user=mySecretUser tomcat_password=someSecurePassword
Note: If you would prefer to use an encrypted password instead of one in plain text, please follow the steps below:
- In m-Power, navigate to Admin -> Menu and Security -> Encrypt Password
- Enter in the plain text value and press "Generate Encrypted Password"
- Copy password and paste into the tomcat-users.xml file. This file can be found in /tomcat/conf. Replace the existing password
- In /tomcat/conf, edit the server.xml file. Look for the following:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> - Edit the file so it looks like this:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" digest="sha-256"/>
- Save and restart Tomcat
Note: The value in tomcat_password within mrctool.properties should remain in plain text.
Once done, save this file and restart Tomcat to secure Tomcat screens with your new credentials.