Kin-man Chung wrote:
> In the interest of backward compatibility, asadmin should just ignore
> the --passwordfile options if the domain was created with no password.
> Otherwise a lot of scripts and ant tasks will no longer work. This is
> a serious problem for devtests, which need to run in various versions
> of the appserver.
Probably you are right and we might have to do something if this
remains confusing but I don't think there is any v2-compatibility issue
here. After talking to Bill, I agree with him that the change he's made
is correct and makes the domain more secure. (A long-winding explanation
...)
The only "change" is that in v2, the setup.xml
used to create the domain with "admin"/"adminadmin" and in v3 the
.zip bundles create a preconfigured domain with "admin"/no-password.
v3-final is going to be incompatible with earlier releases of v3
(Prelude/Preview) because v3 (Prelude/Preview) ignored all
user names/passwords with default domain (that is bundled in
the web.zip/glassfish.zip bundles). I am not sure if we must
preserve v3-final's compatibility with Preview/Prelude.
One idea is to make the password for "admin" user "adminadmin"
instead of no-password, which will fix most of the tests, but
this idea is is rather weird too (conflicts with --no-password
option on create-domain).
>
> On 09/14/09 17:41, Jane Young wrote:
>> Looks like if you create a domain with "--nopassword" option and then
>> you specify --passwordfile option on the command line, asadmin will
>> prompt you for the password if --interactive=true (by default).
>> So the combination of --user admin --passwordfile <file> will just
>> idle there for you to prompt for a password. Since the domain is
>> created with --nopassword, type enter and command will execute. If
>> you type a password, the command will fail with authentication error.
>>
>> Not sure if this is intended feature. Kedar is going to find out from
>> Bill.
>>
>> Jane
>>
>>
>> Kedar Mhaswade wrote:
>>> If this is failing for you, can you share the contents of
>>> domain-folder/config/admin-keyfile?
>>>
>>> -Kedar
>>>
>>>
>>> Kin-man Chung wrote:
>>>> I though Bill changed asadmin last week (9/9). Quoting
>>>>
>>>> "We'll remove the "anonymous" user. Instead, there will be a default
>>>> admin user named "admin" with no password.
>>>>
>>>> If there's exactly one admin user (whatever the name), with no
>>>> password,
>>>> unauthenticated login will be allowed."
>>>>
>>>> Not sure if it was his intention to make the combination
>>>>
>>>> --user admin --passwordfile <file>
>>>>
>>>> to fail. Seems like it should just ignore the now unnecessary
>>>> --passwordfile.
>>>>
>>>> -Kin-man
>>>>
>>>>
>>>>
>>>> On 09/14/09 16:10, Shing Wai Chan wrote:
>>>>> Marina Vatkina wrote:
>>>>>> Where?
>>>>> For devtests, it is the as.props under config/properties.xml.
>>>>> Shing Wai Chan
>>>>>>
>>>>>> thanks,
>>>>>> -marina
>>>>>>
>>>>>> Shing Wai Chan wrote:
>>>>>>> If you remove the --user admin --passwordfile ...
>>>>>>> then it will works.
>>>>>>> Shing Wai Chan
>>>>>>>
>>>>>>> Marina Vatkina wrote:
>>>>>>>
>>>>>>>> Ming,
>>>>>>>>
>>>>>>>> How does QL handle it?
>>>>>>>>
>>>>>>>> thanks,
>>>>>>>> -marina
>>>>>>>>
>>>>>>>> Amy Roh wrote:
>>>>>>>>
>>>>>>>>> I'm seeing the same with web devtests also.
>>>>>>>>>
>>>>>>>>> asadmin-common-ignore-fail:
>>>>>>>>> [echo] asadmin set --user admin --passwordfile
>>>>>>>>> /Users/Amy/glassfish-v3/v3/appserv-tests/config/adminpassword.txt
>>>>>>>>> --host localhost --port 4848 --echo=true --terse=true
>>>>>>>>> server.http-service.virtual-server.server.default-web-module=web-virtual-server-default-web-module-web
>>>>>>>>>
>>>>>>>>> [exec] Authorization has been refused for credentials
>>>>>>>>> [user: admin] given in this request.
>>>>>>>>> [exec] (Usually, this means invalid user name and/or
>>>>>>>>> password)
>>>>>>>>> [exec] Result: 1
>>>>>>>>>
>>>>>>>>> Do we need to update user name/password?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Amy
>>>>>>>>>
>>>>>>>>> Marina Vatkina wrote:
>>>>>>>>>
>>>>>>>>>> Bill,
>>>>>>>>>>
>>>>>>>>>> What do we need to change to make devtests working again?
>>>>>>>>>>
>>>>>>>>>> All deploy/undeploy calls now fail with:
>>>>>>>>>>
>>>>>>>>>> [exec] Authorization has been refused for credentials
>>>>>>>>>> [user: admin] given in this request.
>>>>>>>>>> [exec] (Usually, this means invalid user name and/or
>>>>>>>>>> password)
>>>>>>>>>>
>>>>>>>>>> (Any test under
>>>>>>>>>> <ws>/v2/appserv-tests/devtests/ejb/ejb31/timer31 only needs a
>>>>>>>>>> running GF to execute, besides APS_HOME set to
>>>>>>>>>> <ws>/v2/appserv-tests and S1AS_HOME set to
>>>>>>>>>> <gf-install>/glassfishv3/glassfish)
>>>>>>>>>>
>>>>>>>>>> thanks,
>>>>>>>>>> -marina
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>