users@glassfish.java.net

Is this a bug?

From: Raju Uppalapati <ruppalapati_at_gmail.com>
Date: Wed, 19 Dec 2007 12:37:29 -0800

Installed Sun Appserver 9.1 on Solaris 10 as root user.
It appears most asadmin commands run without valid credentials. Sounds like
a security issue ... or did I configure the product incorrecty.

Following is the stuff I tried.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> ./asadmin version
Version = Sun Java System Application Server 9.1
Command version executed successfully.


(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> id
uid=0(root) gid=0(root)

(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> ls /.as*
/.asadminpass /.asadmintruststore

(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> rm /.as*

(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> ./asadmin set
server.java-config.classpath-prefix="abc"
Please enter the admin user name>sdfsdfdfsdfsdf
Please enter the admin password>
[
[
  Version: V3
  Subject: CN=ps-eng41, OU=Sun Java System Application Server, O=Sun
Microsystems, L=Santa Clara, ST=California, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key: SunPKCS11-Solaris RSA public key, 1024 bits (id 4457392, session
object)
  modulus:
162595343412517081350717721431792222480131632239911140247259925363614979944889553659203060171146739227898952230234953027384991099962184711950158582812734139114457703852724919555025932240118382020950365760365711874085966318491224685751749420236180416137548504513833107233039993995714350912212077979492700570871
  public exponent: 65537
  Validity: [From: Tue Dec 18 11:39:57 PST 2007,
               To: Mon Dec 18 11:39:57 PST 2017]
  Issuer: CN=ps-eng41, OU=Sun Java System Application Server, O=Sun
Microsystems, L=Santa Clara, ST=California, C=US
  SerialNumber: [ 88329633]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: AA 54 64 02 41 65 97 AA 1F FE 7E C5 65 8D 34 1E .Td.Ae......e.4.
0010: 72 24 21 F7 BC 78 28 E7 F5 04 E5 EB 08 DA DC 2A r$!..x(........*
0020: 5D 62 B1 01 D6 E6 ED 0C 95 36 F1 6A 89 E0 0B 0F ]b.......6.j....
0030: B6 32 A9 99 4F 3F 65 B3 3E F5 45 FE 12 06 6B 1F .2..O?e.>.E...k.
0040: C0 39 6B 4E 21 A4 38 80 D8 71 2D 30 C9 1A 68 1D .9kN!.8..q-0..h.
0050: 20 8A 6C 15 D0 32 E3 CB C1 66 92 29 FC AE C6 67 .l..2...f.)...g
0060: 81 94 DE 25 99 6C 03 02 9A 23 49 03 FD EE E2 95 ...%.l...#I.....
0070: 13 AE 31 C3 E0 92 08 83 15 BD 6B 33 36 FB 99 BA ..1.......k36...

]
Do you trust the above certificate [y|n] -->y
server.java-config.classpath-prefix = abc
(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> ./asadmin set
server.java-config.classpath-prefix="abc"
Please enter the admin user name>dfsfsdf
Please enter the admin password>
server.java-config.classpath-prefix = abc
(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin> ./asadmin set
server.java-config.classpath-prefix="abc"
Please enter the admin user name>fgdsfghdfgdfgg
Please enter the admin password>
server.java-config.classpath-prefix = abc
(root_at_ps-eng41)/opt/SUNWappserver/appserver/bin>