How can we change the default username/password Tomcat ships with?
Various areas of Tomcat are secured to prevent unauthorized access, such as the Probe utility. mrc highly recommends changing the default username and password. You can change this information by modifying the following file: /m-power/tomcat/conf/tomcat-users.xml. Simply change references of mrcuser and save the file. Then, open mrctool.properties, found in m-power/proddata/conf. At the bottom of the file, add two new properties: tomcat_user and tomcat_password. Then, enter the values for the new user and password you just set, so it looks like:
tomcat_user=mySecretUser tomcat_password=someSecurePassword
If you would prefer to use an encrypted password instead of one in plain text, please follow the steps below
Implementation
- In m-Power, navigate to Admin -> Legacy Admin -> Users Menu & Security -> Encrypt Password
- Enter in the plain text value and press “Generate Encrypted Password”
- Copy password and paste into the tomcat-users.xml file. This file can be found in /tomcat/conf. Replace the existing password
- In /tomcat/conf, edit the server.xml file. Look for the following:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
- Replace that line with this:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"> <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" /> </Realm> - Save and restart Tomcat
The value in tomcat_password within mrctool.properties should remain in plain text.
Once done, save this file and restart Tomcat to secure Tomcat screens with your new credentials.