users@glassfish.java.net

Re: Starting local standalone instances from admin console

From: Tom Mueller <tom.mueller_at_oracle.com>
Date: Thu, 05 Apr 2012 17:22:39 -0500

On 4/5/2012 4:02 PM, Laird Nelson wrote:
> On Thu, Apr 5, 2012 at 3:55 PM, Tom Mueller <tom.mueller_at_oracle.com
> <mailto:tom.mueller_at_oracle.com>> wrote:
>
> It looks like you have the master password set to a non-default
> value, and you did not use the --save option.
>
>
> That is correct.
>
> With that configuration, it is indeed impossible to start an
> instance (on any type of node) from the console. Also, the
> "asadmin start-instance" command will not work either. You would
> have to use asadmin start-local-instance, which has the ability to
> prompt for the master password.
>
>
> OK...what are the implications here? Is this to say that if I'm
> putting together some early tentative plans for GlassFish
> administrators I should tell them to leave the default master password
> as "changeit"?
>
> The docs mention that when you change the master password using the
> --save option is deprecated:
Sorry, I should have said --savemasterpassword (that's what I get for
not checking the manual).
>
> --savemasterpassword
> This option indicates whether the master password should be written to
> the file system. This is necessary so that the start-domain(1) command
> can start the server without having to prompt the user.
> The default is false.
> Caution: Saving the master password on disk is extremely insecure
> and should be avoided.
>
> (Hence when I changed the master password I didn't select this
> option.) So that would seem to reduce to:
>
> Either I can have centralized administration or a non-default master
> password, but not both.
>
> Is that accurate?
The "extremely insecure" is really about how secure the file system is
on the systems that are hosting the instances and the security of the
systems themselves. The question of being able to have centralized
instance startup when using a non-default master password is really one
of whether one wants the master password to be passed across the
network. The former would require the latter, and the GF design does not
do it for that reason.

Tom
>
> Best,
> Laird
>
> --
> http://about.me/lairdnelson
>
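Tom's point above is that the "extremely insecure" warning in the --savemasterpassword docs is really about the file system on the host where the password is saved, and that the alternative (starting instances centrally with a non-default master password) would mean sending the password across the network. The following is an added example, not part of this thread and not GlassFish's own tooling: a POSIX shell audit that walks a GlassFish install tree, finds any saved master-password files, and flags those readable beyond the owning user. It assumes the saved file is literally named "master-password" under the domain directory (or under a node's agent directory for instances); that layout, and the sample tree the script builds to run offline, are assumptions and not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread or the GlassFish project): audit a
# GlassFish install tree for saved master-password files.
#
# Assumption (not stated in the thread): when --savemasterpassword is used,
# the master password lands in a file literally named "master-password"
# under the domain directory (e.g. domains/domain1/master-password) or, for
# an instance, under its node's agent directory. Change FILE_NAME if your
# release names it differently.

FILE_NAME="master-password"

# Print the permission bits of a file in octal (GNU stat, BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Walk $1, print one line per saved master-password file with its mode and
# a verdict. Returns 1 if any file is readable by group or others
# (the "extremely insecure" case), 0 if every file found is owner-only or
# none exists (in which case start-local-instance will have to prompt).
audit_master_password_files() {
    audit_root="$1"
    audit_status=0
    audit_list=$(mktemp)
    find "$audit_root" -type f -name "$FILE_NAME" > "$audit_list" 2>/dev/null
    # A redirected while loop runs in the current shell, so audit_status
    # survives the loop (a pipe into "while" would not).
    while IFS= read -r f; do
        full_mode=$(mode_of "$f")
        # Keep only the rwx triplet: drop any leading setuid/setgid/sticky digit.
        perms=$(printf '%s' "$full_mode" | sed 's/.*\(...\)$/\1/')
        group_bits=$(printf '%s' "$perms" | cut -c2)
        other_bits=$(printf '%s' "$perms" | cut -c3)
        if [ "$group_bits" != "0" ] || [ "$other_bits" != "0" ]; then
            printf '%s mode=%s EXPOSED (readable beyond owner)\n' "$f" "$perms"
            audit_status=1
        else
            printf '%s mode=%s owner-only\n' "$f" "$perms"
        fi
    done < "$audit_list"
    rm -f "$audit_list"
    return "$audit_status"
}

# Build a constructed sample tree (not a real GlassFish install) so the audit
# runs offline: domain1 saved its master password world-readable, node1's
# agent saved it owner-only, and domain2 never saved it at all.
# Prints the temporary root directory.
make_sample_tree() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/domains/domain1" \
             "$sample_root/domains/domain2" \
             "$sample_root/nodes/node1/agent"
    printf 'not-changeit\n' > "$sample_root/domains/domain1/$FILE_NAME"
    chmod 644 "$sample_root/domains/domain1/$FILE_NAME"
    printf 'not-changeit\n' > "$sample_root/nodes/node1/agent/$FILE_NAME"
    chmod 600 "$sample_root/nodes/node1/agent/$FILE_NAME"
    printf '%s\n' "$sample_root"
}

# Stand-alone demo: sh audit.sh --demo   (or point it at a real tree with
# audit_master_password_files /path/to/glassfish after sourcing this file).
if [ "${1:-}" = "--demo" ]; then
    demo_root=$(make_sample_tree)
    audit_master_password_files "$demo_root"
    rm -rf "$demo_root"
fi
```

Usage note: a non-zero exit means a saved master password is readable by other accounts on that host, which is exactly the exposure the docs warn about. No output at all means nothing is saved, which is Laird's situation: the console and "asadmin start-instance" cannot start the instance, and "asadmin start-local-instance" must be run on the host so it can prompt for the password.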