Skip to main content



      Home
Home » Eclipse Projects » Virgo » Hidding web/jmx admin password
Hidding web/jmx admin password [message #655308] Sat, 19 February 2011 02:20 Go to next message
Eclipse UserFriend
Hi,

Currently the password is stored in clear text under config directory.

is it possible to hide/encypt it?

With the current state, I am not not sure if if Virgo is installable/acceptable under corporate or govermental environmental environments.

Thanks

-Dan
Re: Hidding web/jmx admin password [message #655313 is a reply to message #655308] Sat, 19 February 2011 05:23 Go to previous messageGo to next message
Eclipse UserFriend
The access to org.eclipse.virgo.kernel.jmxremote.access.properties is restricted to the user starting Virgo. This can be applied to the rest of the config files.

Will this help you?
Re: Hidding web/jmx admin password [message #655358 is a reply to message #655313] Sat, 19 February 2011 15:03 Go to previous messageGo to next message
Eclipse UserFriend
Hi Hristo


That is not acceptable for corporate IT. I dealt with this before

How about provide some type of command line to hash the clear text password? not sure how this would work for JConsole, but Web Admin seems do able.

-D

Re: Hidding web/jmx admin password [message #655385 is a reply to message #655358] Sun, 20 February 2011 05:06 Go to previous messageGo to next message
Eclipse UserFriend
Hi,

Afaik JMX can also use custom login module.

Can you please create enhancement request for the plain text passwords?

Having hashed passwords will complicate the Virgo configuration, so we need to think of a way to have this configurable. As you mentioned we'll also need tool(s) for changing the passwords.

Btw Virgo uses the recommended method to secure the JMX access file.

Regards,
Hristo Iliev

[Updated on: Sun, 20 February 2011 05:22] by Moderator

Re: Hidding web/jmx admin password [message #655428 is a reply to message #655385] Sun, 20 February 2011 14:53 Go to previous messageGo to next message
Eclipse UserFriend
Hi Hristo,

From your ref link ot JMX method of authentication, user can use client certificate or LDAP password authentication authentication, this is a much safer approach.

Big thanks

-Dan
Re: Hidding web/jmx admin password [message #655559 is a reply to message #655428] Mon, 21 February 2011 13:36 Go to previous messageGo to next message
Eclipse UserFriend
This can require some changes in dmk.bat/sh to apply some new parameters.

We'll be glad if you can share your progress here on the forum Smile
Re: Hidding web/jmx admin password [message #655578 is a reply to message #655559] Mon, 21 February 2011 14:37 Go to previous message
Eclipse UserFriend
I will surely return whatever I can back to Virgo Community.

Thanks for the support.

-Dan
Previous Topic:Will virgo-jetty-server publish a HttpService?
Next Topic:Reliable mass install/update
Goto Forum:
  


Current Time: Fri Jul 04 16:18:15 EDT 2025

Powered by FUDForum. Page generated in 0.04912 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top