< prev index next >
src/jdk.management.agent/share/conf/jmxremote.password.template
Print this page
*** 1,15 ****
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
! # o Change the permission of jmxremote.password to read-only
! # by the owner.
#
- # See below for the location of jmxremote.password file.
- # ----------------------------------------------------------------------
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
--- 1,14 ----
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
! # o Change the permission of jmxremote.password to be accessible
! # only by the owner.
! # o Passwords will be hashed by server if they are in clear.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
*** 22,64 ****
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
-
##############################################################
! # File permissions of the jmxremote.password file
##############################################################
- # Since there are cleartext passwords stored in this file,
- # this file must be readable by ONLY the owner,
- # otherwise the program will exit with an error.
- #
- # The file format for password and access files is syntactically the same
- # as the Properties file format. The syntax is described in the Javadoc
- # for java.util.Properties.load.
- # Typical password file has multiple lines, where each line is blank,
- # a comment (like this one), or a password entry.
#
#
# A password entry consists of a role name and an associated
# password. The role name is any string that does not itself contain
! # spaces or tabs. The password is again any string that does not
! # contain spaces or tabs. Note that passwords appear in the clear in
! # this file, so it is a good idea not to use valuable passwords.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
! # In a typical installation, this file can be read by anybody on the
# local machine, and possibly by people on other machines.
! # For # security, you should either restrict the access to this file,
# or specify another, less accessible file in the management config file
# as described above.
#
# Following are two commented-out entries. The "measureRole" role has
! # password "QED". The "controlRole" role has password "R&D".
#
# monitorRole QED
# controlRole R&D
--- 21,92 ----
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
! # File format of the jmxremote.password file
##############################################################
#
+ # The file contains multiple lines where lines, where each line is blank,
+ # a comment (like this one), or a password entry.
#
# A password entry consists of a role name and an associated
# password. The role name is any string that does not itself contain
! # spaces or tabs. Passwords can be specified as clear text or Base64 encoded hash.
! #
! # Clear text password is any string that does not contain spaces or tabs.
! # Hashed passwords must follow below format.
! # hashedPassword = base64_encoded_salt W base64_encoded_hash W hash_algorithm
! # where,
! # W = spaces
! # base64_encoded_hash = Hash_algorithm(password + salt)
! # hash_algorithm = Algorithm string specified using format below
! # https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
! # Every java platform supports MD5,SHA-1,SHA-256 algorithms.
! # This is an optional field. If not specified SHA-256 will be assumed.
! #
! # If passwords are in clear, they will be over-written by their hash if
! # hashing is requested and if password file can be written into.
! #
! # In order to change password for a role, replace hashed password entry
! # with clear text password or new hashed password. If new password is in clear,
! # it will be replaced with its hash when new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
! # User generated hashed password file can also be used instead of clear-text
! # password file. If generated by user, hashed passwords must follow
! # format specified above.
!
! ##############################################################
! # File permissions of the jmxremote.password file
! ##############################################################
! # This file must be made accessible by ONLY the owner.
! # In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
! # For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
+
+ ##############################################################
+ # Sample of the jmxremote.password file
+ ##############################################################
# Following are two commented-out entries. The "measureRole" role has
! # password "QED". The "controlRole" role has password "R&D". This is example
! # of specifying passwords in clear
#
# monitorRole QED
# controlRole R&D
+ #
+ # Once a login attempt is made, passwords will be hashed and the file will have
+ # below entries with clear passwords overwritten by their respective
+ # SHA-256 hash
+ #
+ # monitorRole 818kn2GKCT1IqMKnJhwtmow8v/9cv++8bJbhjO+ugX0= WqoaqEAVub/PenLY2wxLMLCdPRa+rFCWCWM0Zh/wR38= SHA-256
+ # controlRole ALO98BOPW9rqvvtzzn7Lx7Q2uNWZdUf9PtY0g9aQ5lk= yobRA/4ygyJQTE2gEe4xQdYu7IexBHl0SSP9mEHFFhA= SHA-256
+ #
< prev index next >