Tamino security

probably this is an easy question, because I’m new with security issue.
I succeeded to use “OS” security, but have problems with “Tamino” security.
I found appropriate old posting with question like:

Using a Webdav-Client (DAVExplorer) to access the ‘administration’ root collection, the client now asks for login. However,
regardless which user I use for authentication access is denied (HTTP 403).?
and answer
Hello Roland,

this behavior can have several reasons. As first check if the “databaseUri” attribute of the realm element in your server.xml points to the right Tamino database. As next verify if the ino:security collection is not read protected (if it is read protected, the user that should be authenticated has to have the read right) and Tamino authentication is switched on in the Tamino database properties. As next check if the user which should be authenticated is a memeber of a Tamino group, defined under ino:group. This group has to be added as role in the web.xml like explained in the webdav documentation.
regards Eckehard

I checked all those conditions (except ‘ino:security collection is not read protected’ - I can’t see this collection, although I created new users) and still getting response 403.
And something elese not clear for me. When I setting database security I can specify users, but how I can specify passwords for “Tamino” authentication?
Thank you
P.S. it’s Tamino and webdav server