dev@glassfish.java.net

Re: Requiring admin password for remote administration

From: Sathyan Catari <Sathyan.Catari_at_oracle.com>
Date: Wed, 02 Nov 2011 16:14:06 -0700

Just trying to understand the behavior of installer-driven distributions
to support this change. Should we expose an option in the installer then
to enable secure admin and prompt for the password if the user chooses
to do so?

Thanks
Sathyan

On 11/2/11 4:04 PM, Joe Di Pol wrote:
> For 3.1.2 we are planning some changes where GlassFish will become
> more diligent about requiring an admin password to be set when
> remote administration is enabled (as done by the enable-secure-admin
> command). This e-mail is to give you a heads up that the change is
> coming.
>
> In 3.1[.1] the default GlassFish installation has remote administration
> disabled and no admin password configured (unless you choose to
> configure one). So by default you can administer GlassFish only
> from the system it is installed on, but you can do so without an
> admin password.
>
> We are not changing that behavior.
>
> The problem is you can later turn on remote administration (using
> enable-secure-admin) without having an admin password set. This is
> the behavior we plan on changing.
>
> The plan is to modify enable-secure-admin and change-admin-password
> (and create-file-user/update-file-user) so that you are required to
> have an admin password set if you have remote administration enabled.
> For example, enable-secure-admin will fail if you have no admin password
> set. You will need to set an admin password before running
> enable-secure-admin.
>
> Let me know if you have any questions or concerns.
>
> Joe