1. Home
  2. Knowledge Base
  3. Security
  4. Modifying Default Tomcat User

Modifying Default Tomcat User

How can we change the default username/password Tomcat ships with?

Various areas of Tomcat are secured to prevent unauthorized access, such as the Probe utility. mrc highly recommends changing the default username and password. You can change this information by modifying the following file: /m-power/tomcat/conf/tomcat-users.xml. Simply change references of mrcuser and save the file. Then, open mrctool.properties, found in m-power/proddata/conf. At the bottom of the file, add two new properties: tomcat_user and tomcat_password. Then, enter the values for the new user and password you just set, so it looks like:


If you would prefer to use an encrypted password instead of one in plain text, please follow the steps below


  1. In m-Power, navigate to Admin -> Legacy Admin -> Users Menu & Security -> Encrypt Password
  2. Enter in the plain text value and press “Generate Encrypted Password”
  3. Copy password and paste into the tomcat-users.xml file. This file can be found in /tomcat/conf. Replace the existing password
  4. In /tomcat/conf, edit the server.xml file. Look for the following:
     <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
  5. Replace that line with this:
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
        <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" />
  6. Save and restart Tomcat

The value in tomcat_password within mrctool.properties should remain in plain text.

Once done, save this file and restart Tomcat to secure Tomcat screens with your new credentials.

Updated on February 2, 2023

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support