admin@glassfish.java.net

Re: Is login to the DAS from a remote host broken?

From: Paul M Davies (Oracle) <"Paul>
Date: Tue, 07 Dec 2010 08:30:40 -0800

Hi Tim,

This worked.

Thanks for providing the key to the new locks!
-Paul

On 12/06/10 19:57, Tim Quinn wrote:
> Hi, Paul.
>
> The behavior you describe is expected. (There was a security bug
> filed against GlassFish because it had allowed out-of-the-box default
> remote access.)
>
> The DAS rejects remote access via asadmin unless you stop any non-DAS
> instances, then use
>
> asadmin enable-secure-admin
>
> and then restart the DAS (and any instances you want up and running).
>
> Apologies that the locksmith visited while you were out.
>
> - Tim
>
> On Dec 6, 2010, at 9:50 PM, Paul M Davies (Oracle) wrote:
>
>> Hi,
>>
>> I know that some security holes in GF have been fixed, but as I
>> result, I feel as if somebody has changed the locks on my house while
>> I was out for my own security.
>>
>> On the DAS host, I have created a domain with a nondefault admin user
>> and password, started the domain, and logged in to the domain:
>>
>> sr1-jurassic-04(87) asadmin create-domain domain1
>> Enter admin user name [Enter to accept default "admin" / no
>> password]> pmd
>> Enter the admin password [Enter to accept default of no password]>
>> Enter the admin password again>
>> ...
>> Domain domain1 created.
>> Domain domain1 admin port is 4848.
>> Domain domain1 admin user is "pmd".
>> Command create-domain executed successfully.
>>
>> sr1-jurassic-04(88) asadmin start-domain domain1
>> Waiting for domain1 to start
>> .................................................................
>> Successfully started the domain : domain1
>> domain Location:
>> /home/pmdavies/glassfish-installations/glassfish3/glassfish/domains/domain1
>> Log File:
>> /home/pmdavies/glassfish-installations/glassfish3/glassfish/domains/domain1/logs/server.log
>> Admin Port: 4848
>> Command start-domain executed successfully.
>>
>> sr1-jurassic-04(89) asadmin login
>> Enter admin user name [default: admin]> pmd
>> Enter admin password>
>> Login information relevant to admin user name [pmd]
>> for host [localhost] and admin port [4848] stored at
>> [/home/pmdavies/.asadminpass] successfully.
>> Make sure that this file remains protected.
>> Information stored in this file will be used by
>> asadmin commands to manage the associated domain.
>> Command login executed successfully.
>> sr1-jurassic-04(90)
>>
>> But when I try to log in to the domain from a remote host with the
>> credentials that I specified when I created the domain, I am denied
>> access:
>>
>> sr1-usca-02(52) asadmin --host sr1-jurassic-04 login
>> Enter admin user name [default: admin]> pmd
>> Enter admin password>
>> Authorization has been refused for credentials [user: pmd] given
>> in this request.
>> (Usually, this means invalid user name and/or password)
>> Command login failed.
>>
>>
>>
>> Does anybody know what is happening here and how I can contact the
>> DAS from a remote host?
>>
>> Thanks!
>> --
>>
>>
>>
>> <oracle_sig_logo.gif> <http://www.oracle.com>
>> Paul Davies| Principal Technical Writer| +1.408.276.3413
>> Oracle GlassFish Server Documentation
>> 4140 Network Circle, Santa Clara CA 95054, USA
>>
>> <green-for-email-sig_0.gif> <http://www.oracle.com/commitment>
>> Oracle is committed to developing practices and products that help
>> protect the environment
>>
>>
>


-- 
Oracle <http://www.oracle.com>
Paul Davies| Principal Technical Writer| +1.408.276.3413
Oracle GlassFish Server Documentation
4140 Network Circle, Santa Clara CA 95054, USA
Green Oracle <http://www.oracle.com/commitment> 	Oracle is committed to 
developing practices and products that help protect the environment