users@glassfish.java.net

RE: Default keystore.jks change password

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Wed, 8 Apr 2009 14:54:58 -0400

//assuming INSTANCE_ROOT is set startup script will assign the instanceRoot to env var
set D02=-Dcom.sun.aas.instanceRoot="%INSTANCE_ROOT%"

//my config in $GLASSFISH_HOME\domains\domain1\config\domain.xml:

<java-config classpath-suffix="" debug-enabled="false" debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9009" env-classpath-ignored="true" java-home="${com.sun.aas.javaRoot}" javac-options="-g" rmic-options="-iiop -poa -alwaysgenerate -keepgenerated -g" system-classpath="">
        <!-- various required jvm-options -->
        <jvm-options>-XX:MaxPermSize=192m</jvm-options>
        <jvm-options>-client</jvm-options>
        <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
        <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
        <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
        <jvm-options>-Dsun.rmi.dgc.server.gcInterval=3600000</jvm-options>
        <jvm-options>-Dsun.rmi.dgc.client.gcInterval=3600000</jvm-options>
        <jvm-options>-Xmx512m</jvm-options>
        <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
.......
      </java-config>

//and o course the applicable permissions are set in server.policy
$GLASSFISH_HOME\domains\domain1\config\server.policy
// JBI instances get all permissions by default
grant codeBase "file:${com.sun.aas.instanceRoot}/jbi/-" {
    permission java.security.AllPermission;
};

// work-around for pointbase bug 4864405
permission java.io.FilePermission "${com.sun.aas.instanceRoot}${/}lib${/}databases${/}-", "delete";

does this help?
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.






> Date: Wed, 8 Apr 2009 09:49:30 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: Default keystore.jks change password
>
> Kedar,
>
> Can you provide some detail on how the master-password is generated and protected (other than file-based permissions)? Secondly, I cannot see a master-password file in the domain1/config directory of my SJSAS82 or GF2 installation - did I miss something? Thanks.
>
> Arshad
> [Message sent by forum member 'arshadnoor' (arshadnoor)]
>
> http://forums.java.net/jive/thread.jspa?messageID=341194
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>

_________________________________________________________________
Quick access to your favorite MSN content and Windows Live with Internet Explorer 8.
http://ie8.msn.com/microsoft/internet-explorer-8/en-us/ie8.aspx?ocid=B037MSN55C0701A