admin@glassfish.java.net

Re: confused about asadmin --passwordfile option

From: Byron Nevins <Byron.Nevins_at_Sun.COM>
Date: Thu, 03 Aug 2006 09:15:36 -0700

/(Actually it is good that you think this is encrypted :). The
fact is it is not. It is just encoded. But note that this
file is always protected on good platforms like Solaris/Linux
by GlassFish, it has 0600 permissions for your safety)./

Add Windows into the list of "good" platforms.
Windows always makes the user home directory protected by default. The
files under there are readable by the user and root only. Just like
Solaris/Linux.



Kedar Mhaswade wrote:

> Please bear with me for a long answer. But please read till the very
> end. If there are more questions, let me know.
>
> Mark Hansen wrote:
>
>> Is this the right mailing list for a question about asadmin utility?
>> If not, please direct me elsewhere.
>
>
> This is the right one. A better one is copied
> (admin_at_glassfish.dev.java.net).
>
>>
>> Does the --passwordfile file contain the admin password in encrypted
>> form, something like this:
>>
>> AS_ADMIN_ADMINPASSWORD=YWRtaW5hZG1pbg==
>>
>> or cleartext like
>>
>> AS_ADMIN_ADMINPASSWORD=adminadmin
>
>
> No, the passwordfile that you provide to --passwordfile option
> on asadmin commands needs to have passwords in clear.
>
> Thus,
>
> 1. have AS_ADMIN_PASSWORD=adminadmin in the passwordfile and then
> provide the path to this file for asadmin "remote" commands (like
> deploy, create-jdbc-resource etc.).
> 2. have AS_ADMIN_ADMINPASSWORD=newdomainpassword (or something similar)
> and provide this to the "create-domain" command which then makes this
> password the admin password for the newly created domain. Thus,
> AS_ADMIN_ADMINPASSWORD is used *only* by the create-domain command.
>
> Now, what's the difference between AS_ADMIN_PASSWORD and
> AS_ADMIN_ADMINPASSWORD?
>
> For a given domain, there is no difference. The issue comes when you want
> to create a new domain. The create-domain command only accepts --adminuser
> option and hence it pays attention only to AS_ADMIN_ADMINPASSWORD.
>
> 95% of asadmin commands actually are remote commands that
> communicate with an *existing* domain over HTTP (port 4848 -- admin
> port).
>
> The create-domain discrepancy is a *real* pain in the neck. We are going
> to correct that. Please see:
> http://wiki.java.net/bin/view/Projects/HighLevelAdminFeaturesForGlassFishV2#c4
>
>
> After we do that create-domain will accept --user and --password which will
> make AS_ADMIN_ADMINPASSWORD needless. This will make create-domain similar
> to other asadmin commands with regards to "password".
>
> Now coming to the encrypted part of it. I am pretty sure that
> AS_ADMIN_ADMINPASSWORD=YWRtaW5hZG1pbg== is something that you picked from
> a file ".asadminpass" in your home directory. I don't think you got it
> right. If at all this entry is there, it should be something like:
>
> asadmin://admin_at_localhost:4848 YWRtaW4xMjM=
>
> (Actually it is good that you think this is encrypted :). The
> fact is it is not. It is just encoded. But note that this
> file is always protected on good platforms like Solaris/Linux
> by GlassFish, it has 0600 permissions for your safety).
>
> This is the outcome of one of the two things:
>
> - you used asadmin login command, or
> - you used asadmin create-domain --savelogin.
>
> If this assumption is right, please read on:
>
> "asadmin login" was designed on the same lines as that of "cvs login".
> You basically "login" to a domain, and then will *never* have to provide
> the passwordfile and user for that domain!
>
> So look at it this way:
>
> Suppose that you have a domain for which you selected the
> default admin port (4848). Then, in order to script asadmin commands,
> this is how your script would look: (I am not bringing
> any env vars into the picture)
> - asadmin deploy --user admin --passwordfile passfile ...
> - asadmin configure-jdbc-connection-pool --user admin --passwordfile ...
> - asadmin create-file-user --user admin --passwordfile ...
> - asadmin list --user admin --passwordfile passfile --cluster ...
> ...
>
> With asadmin login to this domain, or using asadmin create-domain --savelogin,
> your life is without much typing:
> - asadmin deploy ...
> - asadmin configure-jdbc-connection-pool ...
> - asadmin create-file-user ...
> - asadmin list ...
>
> If you don't use the default admin port (4848), you will need to specify
> the port on these commands, but that is the same with commands before the
> use of asadmin login.
>
> Am I making it clear?
>
>>
>> Currently, it seems that I need to have it encrypted. But, it used
>> to work with cleartext. Has there been a change since the release of
>> the Java EE 5 SDK? I am running the asadmin from Java EE 5 SDK.
>
>
> Now, you must have selected the installer option where it says "Don't
> prompt for the user name and password". If yes, then it created the default
> domain with --savelogin option.
>
> This does not happen with GlassFish setup.xml, I guess.
>
> Got it?
>
> If you want to know more about this, please see:
>
> https://glassfish.dev.java.net/javaee5/admin-infra/subprojects/asadminlogin/index.html
>
>
>
> Kazem (copied) did bring this confusion to our notice, but
> your confusion is mainly from the fact about AS_ADMIN_PASSWORD
> and AS_ADMIN_ADMINPASSWORD.
>
> Regards,
> Kedar
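
The thread's point that a saved login is only encoded, and that the 0600 mode is its real protection, can be checked mechanically. The following is an added example, not part of the original messages or of GlassFish: the function names are hypothetical, the two line shapes are the ones quoted in the thread, the sample file is constructed, and the base64 test is a heuristic.

```python
import base64
import os
import stat
import tempfile

def decode_if_base64(token):
    """Return decoded text if token is base64 of printable UTF-8 (heuristic), else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None

def audit_credential_file(path):
    """Return (line_number, finding) pairs; line 0 means the file itself."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append((0, f"mode {mode:04o} is wider than 0600"))
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if line.startswith("AS_ADMIN_") and "=" in line:
                secret = line.split("=", 1)[1]       # passwordfile entry
            elif line.startswith("asadmin://") and " " in line:
                secret = line.rsplit(None, 1)[1]     # saved-login entry
            else:
                continue
            encoded = decode_if_base64(secret) is not None
            findings.append((lineno, "base64 only: reversible without a key"
                             if encoded else "password stored in clear"))
    return findings

def demo():
    # Constructed sample: one passwordfile line and one saved-login line.
    sample = "AS_ADMIN_PASSWORD=adminadmin\nasadmin://admin_at_localhost:4848 YWRtaW4xMjM=\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_asadminpass")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        loose = audit_credential_file(path)
        os.chmod(path, 0o600)
        tight = audit_credential_file(path)
    return loose, tight

if __name__ == "__main__":
    print(demo())
```

Both entries are reported even at 0600, because either form is readable by anyone who can open the file; only the permission finding goes away.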