admin@glassfish.java.net

Re: master password during upgrade

From: Bill Shannon <bill.shannon_at_oracle.com>
Date: Wed, 28 Apr 2010 16:12:41 -0700

Bobby Bissett wrote on 04/28/10 12:26 PM:
> Hi all,
>
> The upgrade tool prompts a user for a domain's master password, and then
> (if one is given) writes it to a temp file and passes it to asadmin with
> a --passwordfile option. As a reminder, the tool calls the command line
> interface of asadmin with a Runtime#exec call. Writing out this password
> in clear text is a no-no, so I need some other way to get the password
> into asadmin.
>
> It'd be great if we could drop the password from the tool completely,
> have the user do some form of 'asadmin login' first, and rely on the
> .asadminpass file that contains the hashed password, but I can only see
> that this applies to the admin password and not the master password.
>
> Does someone else have an idea of how I can handle this? Is there a way
> to avoid specifying the master password entirely when the --upgrade
> argument is present?

asadmin purposely doesn't accept passwords on the command line.
You either have to put it in a file, or type it on the console.
It's amazing but true that the security people would rather have
the password in clear text in a file than on the command line.

We could invent a way to pass the master password on stdin, but
that seems like more work than it's worth.

If we knew we were running on Unix, there'd be lots of other ways to
solve the problem, but...

And remember, if someone uses the --savemasterpassword option, the
password will be stored in clear text in the file. This is not new.
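
The following is an added example, not part of the original thread and not the upgrade tool's own code. It shows one way a Java tool could keep the temp-file approach while restricting the file to its owner from the moment it is created and always deleting it afterwards. It assumes Java 7+ NIO, the `AS_ADMIN_MASTERPASSWORD` password-file key, the `start-domain` subcommand, and a caller-supplied asadmin path and domain name; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.*;
import java.util.Collections;
import java.util.EnumSet;

public class UpgradePasswordFile {
    /** Writes the master password to a temp file that only the current user can open. */
    static Path write(String masterPassword) throws IOException {
        Path file;
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            // POSIX: the file is created with mode 0600, so it is never readable by others.
            file = Files.createTempFile("upgrade", ".pw", PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } else {
            // Non-POSIX (for example Windows): replace the ACL with one owner-only entry
            // before any secret is written to the file.
            file = Files.createTempFile("upgrade", ".pw");
            AclFileAttributeView acl = Files.getFileAttributeView(file, AclFileAttributeView.class);
            if (acl != null) {
                acl.setAcl(Collections.singletonList(AclEntry.newBuilder()
                        .setType(AclEntryType.ALLOW)
                        .setPrincipal(Files.getOwner(file))
                        .setPermissions(EnumSet.allOf(AclEntryPermission.class))
                        .build()));
            }
        }
        Files.write(file, ("AS_ADMIN_MASTERPASSWORD=" + masterPassword + "\n")
                .getBytes(StandardCharsets.UTF_8));
        return file;
    }

    /** Runs asadmin with --passwordfile and deletes the file whether or not asadmin succeeds. */
    static int runUpgrade(String asadmin, String domain, String masterPassword)
            throws IOException, InterruptedException {
        Path pw = write(masterPassword);
        try {
            return new ProcessBuilder(asadmin, "--passwordfile", pw.toString(),
                    "start-domain", "--upgrade", domain).inheritIO().start().waitFor();
        } finally {
            Files.deleteIfExists(pw);
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0] = path to asadmin, args[1] = domain name (both supplied by the caller)
        char[] typed = System.console().readPassword("Master password: ");
        System.exit(runUpgrade(args[0], args[1], new String(typed)));
    }
}
```

The password still sits on disk in clear text for the duration of the asadmin call; the example only narrows who can read it and for how long.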