The MD5 generation built into the Java standard libraries computes the
same value as the Gnu "md5sum" command and that used in Tomcat.
I'm no expert, but I believe there's a standardized definition of the
MD5 sum and all these disparate pieces of software conform to that
I've personally used the "md5sum" command to generate password strings
for my ".../conf/tomcat-users-xml" file:
% echo -n "notAPassword" | md5sum
Note the "-n" option which, for BASH's built-in "echo" command,
suppresses the trailing newline. This is critical to get the correct
result. If you use a different shell or echo command, be sure to use
the appropriate option to suppress the trailing newline. If you put
the password into a file, the same consideratino applies. The "md5sum"
command processes each byte in the file.