1 # ---------------------------------------------------------------------- 2 # Template for jmxremote.password 3 # 4 # o Copy this template to jmxremote.password 5 # o Set the user/password entries in jmxremote.password 6 # o Change the permission of jmxremote.password to be accessible 7 # only by the owner. 8 # o Passwords will be hashed by server if they are in clear. 9 # 10 11 ############################################################## 12 # Password File for Remote JMX Monitoring 13 ############################################################## 14 # 15 # Password file for Remote JMX API access to monitoring. This 16 # file defines the different roles and their passwords. The access 17 # control file (jmxremote.access by default) defines the allowed 18 # access for each role. To be functional, a role must have an entry 19 # in both the password and the access files. 20 # 21 # Default location of this file is $JRE/conf/management/jmxremote.password 22 # You can specify an alternate location by specifying a property in 23 # the management config file $JRE/conf/management/management.properties 24 # or by specifying a system property (See that file for details). 25 26 ############################################################## 27 # File format of the jmxremote.password file 28 ############################################################## 29 # 30 # The file contains multiple lines where lines, where each line is blank, 31 # a comment (like this one), or a password entry. 32 # 33 # A password entry consists of a role name and an associated 34 # password. The role name is any string that does not itself contain 35 # spaces or tabs. Passwords can be specified as clear text or Base64 encoded hash. 36 # 37 # Clear text password is any string that does not contain spaces or tabs. 38 # Hashed passwords must follow below format. 39 # hashedPassword = base64_encoded_salt W base64_encoded_hash W hash_algorithm 40 # where, 41 # W = spaces 42 # base64_encoded_hash = Hash_algorithm(password + salt) 43 # hash_algorithm = Algorithm string specified using format below 44 # https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest 45 # Every java platform supports MD5,SHA-1,SHA-256 algorithms. 46 # This is an optional field. If not specified SHA-256 will be assumed. 47 # 48 # If passwords are in clear, they will be over-written by their hash if 49 # hashing is requested and if password file can be written into. 50 # 51 # In order to change password for a role, replace hashed password entry 52 # with clear text password or new hashed password. If new password is in clear, 53 # it will be replaced with its hash when new login attempt is made. 54 # 55 # A given role should have at most one entry in this file. If a role 56 # has no entry, it has no access. 57 # If multiple entries are found for the same role name, then the last one 58 # is used. 59 # 60 # User generated hashed password file can also be used instead of clear-text 61 # password file. If generated by user, hashed passwords must follow 62 # format specified above. 63 64 ############################################################## 65 # File permissions of the jmxremote.password file 66 ############################################################## 67 # This file must be made accessible by ONLY the owner. 68 # In a typical installation, this file can be accessed by anybody on the 69 # local machine, and possibly by people on other machines. 70 # For security, you should either restrict the access to this file except for owner, 71 # or specify another, less accessible file in the management config file 72 # as described above. 73 # 74 75 ############################################################## 76 # Sample of the jmxremote.password file 77 ############################################################## 78 # Following are two commented-out entries. The "measureRole" role has 79 # password "QED". The "controlRole" role has password "R&D". This is example 80 # of specifying passwords in clear 81 # 82 # monitorRole QED 83 # controlRole R&D 84 # 85 # Once a login attempt is made, passwords will be hashed and the file will have 86 # below entries with clear passwords overwritten by their respective 87 # SHA-256 hash 88 # 89 # monitorRole 818kn2GKCT1IqMKnJhwtmow8v/9cv++8bJbhjO+ugX0= WqoaqEAVub/PenLY2wxLMLCdPRa+rFCWCWM0Zh/wR38= SHA-256 90 # controlRole ALO98BOPW9rqvvtzzn7Lx7Q2uNWZdUf9PtY0g9aQ5lk= yobRA/4ygyJQTE2gEe4xQdYu7IexBHl0SSP9mEHFFhA= SHA-256 91 # 92