admin@glassfish.java.net

Re: regarding create-file-user command

From: Nandini Ektare <Nandini.Ektare_at_Sun.COM>
Date: Fri, 04 Apr 2008 17:13:25 -0700

Ok, I am back. Let me clarify some of the questions you have asked and
the relation to bug 4572.
>
> sonia liu wrote:
>> Hi,
>>
>> I noticed an option change several days ago while using
>> create-file-user command. Before the change I used to use the
>> following command to create file user
>> asadmin create-file-user --user admin --userpasswordfile <a admin
>> password file that contains:
>> AS_ADMIN_PASSWORD=adminadmin
>> AS_ADMIN_USERPASSWORD=adminadmin
>> > --authrealmname file --groups <group> --port 4848 j2ee
>> Earlier I created a user j2ee/j2ee using the above command and ran
>> security basic authentication test, I was successfully logged in as
>> j2ee/j2ee (user/password). But several days ago, I noticed the
>> create-file-user stopped supporting --userpasswordfile and only
>> supported --userpassword. I confirmed this with CLI developer and
>> then changed the --userpasswordfile to --userpassword in my test
>> case. Please note, since we passed adminpassword (adminadmin) to the
>> --userpasswordfile option and it worked, so I did the same to pass
>> adminpassword adminadmin to --userpassword option. Then I have
>> successfully created the user. However, when I ran the basic test, I
>> entered j2ee/j2ee as usual, it always got denied. Now I entered
>> j2ee/adminadmin, it passed. So I noticed the current create-file-user
>> command considers the --userpassword as the new user's password, not
>> the admin user's password. Can someone please help to clarify if this
>> is an expected behavior?
--passwordfile is used by most CLIs to fetch the adminpassword
(property name AS_ADMIN_PASSWORD).

However, create-file-user/update-file-user commands used (in v2) the
option for an additional purpose. They also fetch the password for
file-realm user using this file (AS_ADMIN_USERPASSWORD).
The admin password is not used (even in v2) as the file-user password.
In v3, --passwordfile option is not yet implemented. That means that no
CLIs use admin password. But create-file-user had to be implemented for
TP2. So a way was needed to allow administrator to pass that file-realm
user password.

Back in v2, there was an RFE around having some way *other* than
--passwordfile option to pass file-realm password because a script
adding multiple users to a file-realm had to go and change the
AS_ADMIN_USERPASSWORD entry every time before adding new user.

With the present limitation of no support for --passwordfile and with
the backdrop of this RFE, --userpassword was added. That is why you see
that --userpassword is the one used to intake the file-user password.

However, the passwords could not be masked and were sent in clear-text.
So this option had to be changed recently and we are going back to
providing --passwordfile option just for this command. (I had given a
heads-up on this to QA earlier this week.)

So going forward, starting this Monday, you can roll back to using
earlier option --passwordfile (--userpassword will be removed) just as
it used to be in v2.
Please note that --passwordfile option will be switched on only for this
command and the only entry considered in the file is the
AS_ADMIN_USERPASSWORD and not AS_ADMIN_PASSWORD.

Please let me know if you have further questions.

Thanks
Nandini





>>
>> Thanks
>> Sonia
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>>
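
The multi-user script case from the RFE, using the --passwordfile behaviour described in the reply, as an added example that is not part of the original thread or GlassFish's own code. It assumes asadmin is on PATH (overridable through a hypothetical ASADMIN variable) and that input arrives on stdin as "user:group:password" lines; the function names are illustrative.

```shell
#!/bin/sh
# Added example: add several file-realm users without ever placing a
# password in a command's argument list (where local users could see it).
# Assumption: input lines are "user:group:password" on stdin.

ASADMIN="${ASADMIN:-asadmin}"   # assumed override hook, not an asadmin feature

# Write a one-entry password file readable only by the current user and
# print its path. Only AS_ADMIN_USERPASSWORD is written, because that is
# the only entry create-file-user reads from the file.
write_userpassword_file() {
    local pw f
    pw="$1"
    f="$(umask 077 && mktemp "${TMPDIR:-/tmp}/asuserpw.XXXXXX")" || return 1
    # printf is a shell builtin, so the password never reaches another
    # process's argv.
    printf 'AS_ADMIN_USERPASSWORD=%s\n' "$pw" > "$f" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# Create one user. A fresh file per user removes the need to edit a shared
# AS_ADMIN_USERPASSWORD entry between calls; it is deleted on success or failure.
create_file_user() {
    local name group pw f rc
    name="$1"; group="$2"; pw="$3"; rc=0
    f="$(write_userpassword_file "$pw")" || return 1
    "$ASADMIN" create-file-user --passwordfile "$f" \
        --authrealmname file --groups "$group" "$name" || rc=$?
    rm -f "$f"
    return "$rc"
}

# Read "user:group:password" lines from stdin; the exit status is the
# number of users that could not be created. A ':' inside the password
# is preserved because the last field takes the rest of the line.
create_file_users() {
    local name group pw failed
    failed=0
    while IFS=: read -r name group pw; do
        [ -z "$name" ] && continue
        create_file_user "$name" "$group" "$pw" || failed=$((failed + 1))
    done
    return "$failed"
}
```

Typical use is `create_file_users < users.txt`, with users.txt itself kept readable only by the administrator.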