users@glassfish.java.net

Re: Windows service asks for admin password when starting

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Sun, 19 Aug 2007 13:31:25 -0400

I have created a command line utility to make creating a Windows service
easy, and posted it on my blog:

http://www.ryandelaplante.com/rdelaplante/entry/creating_a_windows_service_for


Ryan


Ryan de Laplante wrote:
> Thanks for taking the time to describe this in detail. It does behave
> the way you described on two other computers. Either I did something
> wrong on the one that required the password file, or it was an older
> version. I'll look at it again soon.
>
> Can you give me the link to your blog? This mailing list does not
> show me your name, email address or anything.
>
>
> Thanks,
> Ryan
>
> glassfish_at_javadesktop.org wrote:
>>> The Glassfish website shows a few simple commands
>>> that you can run to get it installed, which includes a setup.xml or
>>> setup-cluster.xml (depending on which you want). I don't think many
>>> people will be editing this file before installing?
>>
>> Right.
>>
>> But serious users should look at "asadmin create-domain" some more.
>>
>> ant -f setup[-cluster].xml does two (kind of) things:
>> - setting up install-wide -- this includes token replacement,
>> creation of asadmin and
>> other scripts and some config files (e.g. asadminenv.conf in
>> install-dir/config).
>> - creation of the so-called default-domain, domaiin1. This is done to
>> a default setup. It does
>> do the --savelogin to save your information to the ~/.asadminpass
>> file.
>>
>>
>>> My tool is to
>>> be used after you've completed the installation on Windows. All it
>>> does is create a windows service, and optionally a password.txt file
>>> so that installations with the cluster profile will start
>>> unattended. It is now working great, but I do not like the plain text
>>> password stored in password.txt.
>>> I get the impression that for unattended Windows
>>> service startup, the password must be stored in plain text in a file
>>> and
>>> the asadmin command needs to know where this file is. There is no
>>> support for a hashed password in the file.
>>>
>>
>> Again, not correct.
>> If you did "--savelogin" on "asadmin create-domain" (which
>> setup.xml's do),
>> you should not be prompted for that domain's startup. If you create
>> your own
>> domain, you'll have to take care of it yourself. For the default
>> domain, you should
>> not be prompted for password as it is already available in
>> ~/.asadminpass. The only
>> caveat is that this file should contain entry corresponding to the
>> admin port (generally 4848)
>> of your domain.
>>
>> Encrypted/hashed entries in ~/.asadminpass -- this is not supported.
>> The password is
>> encoded and for general use case, it should be enough, IMO. If not,
>> just provide the
>> platform security for it on Windows. On Unix(es), it will have a
>> permission of 600 as I mention
>> before.
>>
>> Let me work even harder on explaining to you that the file that is
>> taken as an argument to
>> --passwordfile is completely different from the ~/.asadminpass. The
>> argument to --passwordfile
>> should generally contain passwords in clear text but it can get
>> arbitrarily sophisticated. I will
>> blog about it a little later.
>>
>>> Thanks,
>>> Ryan
>>>
>>> glassfish_at_javadesktop.org wrote:
>>>
>>>> Yes, it is possible. The trick lies in creating the
>>>>
>>> domain. Remember, creation of a domain works
>>>
>>>> in concert with starting it. If you make the
>>>>
>>> provisions during creation, startup of domain will be
>>>
>>>> facilitated. I encourage you to do some experiments
>>>>
>>> and then you'll see some real goodies in GlassFish:
>>>
>>>> 1- Remove ~/.asadminpass (~ refers to your home
>>>>
>>> folder).
>>>> -- "asadmin crate-domain --adminport 4848
>>>>
>>> foodomain". Observe that no ~/.asadminpass is
>>>> created. -- now do: "asadmin crate-domain --adminport
>>>>
>>> [b]--savelogin[/b] 4848 foodomain. Observe that
>>>> ~/.asadminpass is created! This file
>>>>
>>> contains the encoded admin user and password and its
>>>
>>>> access permissions are set to 600 (on Unix
>>>>
>>> platforms, where [i]chmod[/i] works). Note: The
>>>
>>>> password is NOT encrypted/hashed.
>>>>
>>>> 2- Now start the domain.
>>>> -- In case of no ~/.asadminpass, the
>>>>
>>> start-domain command would prompt you for admin
>>>
>>>> user and password for a domain that's
>>>>
>>> cluster aware.
>>>
>>>> -- In case of ~/.asadminpass, the start-domain
>>>>
>>> will look for the relevant entry in
>>>> ~/.asadminpass and use the admin user and
>>>>
>>> password from there!
>>>
>>>> 3. ~/.asadminpass can contain admin user and
>>>>
>>> password for multiple domains. The entries are
>>>
>>>> keyed on admin server's host name and admin port
>>>>
>>> number (e.g. localhost, 4848).
>>>
>>>> 4. Not all domains are born same :). A domain that
>>>>
>>> does not deal with clusters (e.g. the so-called
>>>
>>>> developer profile domain) is not required to have
>>>>
>>> any admin user and password at the
>>>> [i]startup[/i]. A domain with cluster support, on
>>>>
>>> the other hand, requires admin user and password
>>>
>>>> at the startup so that it can communicate with
>>>>
>>> other entities in the domain (e.g. node-agent).
>>>
>>>> Moderately interesting, eh?
>>>>
>>>> Regards,
>>>> Kedar
>>>> [Message sent by forum member 'km' (km)]
>>>>
>>>>
>>>>
>>> http://forums.java.net/jive/thread.jspa?messageID=2309
>>> 77
>>>
>>>>
>>> ------------------------------------------------------
>>> ---------------
>>>
>>>> To unsubscribe, e-mail:
>>>>
>>> users-unsubscribe_at_glassfish.dev.java.net
>>>
>>>> For additional commands, e-mail:
>>>>
>>> users-help_at_glassfish.dev.java.net
>>>
>>>>
>>> ------------------------------------------------------
>>> ---------------
>>> To unsubscribe, e-mail:
>>> users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail:
>>> users-help_at_glassfish.dev.java.net
>>>
>> [Message sent by forum member 'km' (km)]
>>
>> http://forums.java.net/jive/thread.jspa?messageID=231002
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>