users@glassfish.java.net

Re: secure admin in 3.1.2

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Thu, 1 Mar 2012 18:32:16 -0600

On Mar 1, 2012, at 5:01 PM, Comerford, Sean wrote:

> No explanation necessary, I was joking (but clearly failed).

It's not you, it's me! Long day.

- Tim

>
> The name is 100% completely self explanatory and I was I feel even
> dumber for having asked the dumb question "How do I enable secure
> admin" :-)
>
> Nice job with 3.1.2 glassfish team!
>
> --
> Sean Comerford
> ESPN.com Site Architecture
>
> From: Tim Quinn <tim.quinn_at_oracle.com>
> Reply-To: "users_at_glassfish.java.net" <users_at_glassfish.java.net>
> Date: Thu, 1 Mar 2012 17:28:37 -0500
> To: "users_at_glassfish.java.net" <users_at_glassfish.java.net>
> Subject: Re: secure admin in 3.1.2
>
>
> On Mar 1, 2012, at 3:50 PM, Comerford, Sean wrote:
>
>> Thanks John… that's a VERY confusing name for the command ;-)
>
> By way of explanation (not excuse!)... In earlier releases, enable-
> secure-admin did two things: it allowed remote admin and also caused
> GlassFish to use SSL for admin traffic from the DAS to the instances.
>
> In 3.1.2 the DAS-to-instance admin traffic is always encrypted using
> SSL, so the only function of enable-/disable-secure-admin now is to
> turn on/off remote administration. We kept the original command
> name for compatibility reasons, even though I suppose "enable-secure-
> remote-admin" might have been clearer (if more verbose!).
>
> Keeping the original name also gives us the flexibility of folding
> in additional security-related changes to admin behavior in possible
> future releases of "enable-secure-admin."
>
> But I agree, taken at face-value the current name doesn't map as
> directly to its function as it once did.
>
> - Tim
>
>
>
>>
>> --
>> Sean Comerford
>> ESPN.com Site Architecture
>>
>> From: "John.clingan_at_oracle.com" <John.clingan_at_oracle.com>
>> Reply-To: "users_at_glassfish.java.net" <users_at_glassfish.java.net>
>> Date: Thu, 1 Mar 2012 16:15:55 -0500
>> To: "users_at_glassfish.java.net" <users_at_glassfish.java.net>
>> Subject: Re: secure admin in 3.1.2
>>
>> asadmin enable-secure-admin --help
>>
>>
>> On Mar 1, 2012, at 1:12 PM, Comerford, Sean wrote:
>>
>>> Dumb question – how do I enable secure admin in 3.1.2?
>>>
>>> When I created my domain, I specified a user / pass but when I try
>>> to access admin console remotely I get
>>>
>>> "Secure Admin must be enabled to access the DAS remotely."
>>>
>>> --
>>> Sean Comerford
>>> ESPN.com Site Architecture
>>
>>
>> Please consider the environment before printing this e-mail.
>