Hi, Paul.
The behavior you describe is expected. (There was a security bug
filed against GlassFish because it had allowed out-of-the-box default
remote access.)
The DAS rejects remote access via asadmin unless you stop any non-DAS
instances, then use
asadmin enable-secure-admin
and then restart the DAS (and any instances you want up and running).
Apologies that the locksmith visited while you were out.
- Tim
On Dec 6, 2010, at 9:50 PM, Paul M Davies (Oracle) wrote:
> Hi,
>
> I know that some security holes in GF have been fixed, but as I
> result, I feel as if somebody has changed the locks on my house
> while I was out for my own security.
>
> On the DAS host, I have created a domain with a nondefault admin
> user and password, started the domain, and logged in to the domain:
> sr1-jurassic-04(87) asadmin create-domain domain1
> Enter admin user name [Enter to accept default "admin" / no
> password]> pmd
> Enter the admin password [Enter to accept default of no password]>
> Enter the admin password again>
> ...
> Domain domain1 created.
> Domain domain1 admin port is 4848.
> Domain domain1 admin user is "pmd".
> Command create-domain executed successfully.
>
> sr1-jurassic-04(88) asadmin start-domain domain1
> Waiting for domain1 to
> start
> .................................................................
> Successfully started the domain : domain1
> domain Location: /home/pmdavies/glassfish-installations/glassfish3/
> glassfish/domains/domain1
> Log File: /home/pmdavies/glassfish-installations/glassfish3/
> glassfish/domains/domain1/logs/server.log
> Admin Port: 4848
> Command start-domain executed successfully.
>
> sr1-jurassic-04(89) asadmin login
> Enter admin user name [default: admin]> pmd
> Enter admin password>
> Login information relevant to admin user name [pmd]
> for host [localhost] and admin port [4848] stored at
> [/home/pmdavies/.asadminpass] successfully.
> Make sure that this file remains protected.
> Information stored in this file will be used by
> asadmin commands to manage the associated domain.
> Command login executed successfully.
> sr1-jurassic-04(90)
> But when I try to log in to the domain from a remote host with the
> credentials that I specified when I created the domain, I am denied
> access:
>
> sr1-usca-02(52) asadmin --host sr1-jurassic-04 login
> Enter admin user name [default: admin]> pmd
> Enter admin password>
> Authorization has been refused for credentials [user: pmd] given in
> this request.
> (Usually, this means invalid user name and/or password)
> Command login failed.
>
>
> Does anybody know what is happening here and how I can contact the
> DAS from a remote host?
>
> Thanks!
> --
>
>
> <oracle_sig_logo.gif>
> Paul Davies| Principal Technical Writer| +1.408.276.3413
> Oracle GlassFish Server Documentation
> 4140 Network Circle, Santa Clara CA 95054, USA
>
> <green-for-email-sig_0.gif> Oracle is committed to developing
> practices and products that help protect the environment
>