New src/jdk.management.agent/share/conf/jmxremote.password.template

   1 # ----------------------------------------------------------------------
   2 #           Template for jmxremote.password
   3 #
   4 # o Copy this template to jmxremote.password
   5 # o Set the user/password entries in jmxremote.password
   6 # o Change the permission of jmxremote.password to be accessible
   7 #   only by the owner.
   8 # o Passwords will be hashed by server if they are in clear.
   9 #
  10 
  11 ##############################################################
  12 #        Password File for Remote JMX Monitoring
  13 ##############################################################
  14 #
  15 # Password file for Remote JMX API access to monitoring.  This
  16 # file defines the different roles and their passwords.  The access
  17 # control file (jmxremote.access by default) defines the allowed
  18 # access for each role.  To be functional, a role must have an entry
  19 # in both the password and the access files.
  20 #
  21 # Default location of this file is $JRE/conf/management/jmxremote.password
  22 # You can specify an alternate location by specifying a property in
  23 # the management config file $JRE/conf/management/management.properties
  24 # or by specifying a system property (See that file for details).
  25 
  26 ##############################################################
  27 #    File format of the jmxremote.password file
  28 ##############################################################
  29 #
  30 # The file contains multiple lines where lines, where each line is blank,
  31 # a comment (like this one), or a password entry.
  32 #
  33 # A password entry consists of a role name and an associated
  34 # password. The role name is any string that does not itself contain
  35 # spaces or tabs. Passwords can be specified as clear text or Base64 encoded hash.
  36 #
  37 # Clear text password is any string that does not contain spaces or tabs.
  38 # Hashed passwords must follow below format.
  39 # hashedPassword = base64_encoded_salt W base64_encoded_hash W hash_algorithm
  40 # where,
  41 #   W = spaces
  42 #   base64_encoded_hash = Hash_algorithm(password + salt)
  43 #   hash_algorithm = Algorithm string specified using format below
  44 #       https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
  45 #       Every java platform supports MD5,SHA-1,SHA-256 algorithms. 
  46 #       This is an optional field. If not specified SHA-256 will be assumed.
  47 #
  48 # If passwords are in clear, they will be over-written by their hash if 
  49 # hashing is requested and if password file can be written into.
  50 # 
  51 # In order to change password for a role, replace hashed password entry 
  52 # with clear text password or new hashed password. If new password is in clear,
  53 # it will be replaced with its hash when new login attempt is made.
  54 #
  55 # A given role should have at most one entry in this file.  If a role
  56 # has no entry, it has no access.
  57 # If multiple entries are found for the same role name, then the last one
  58 # is used.
  59 # 
  60 # User generated hashed password file can also be used instead of clear-text
  61 # password file. If generated by user, hashed passwords must follow
  62 # format specified above.
  63 
  64 ##############################################################
  65 #    File permissions of the jmxremote.password file
  66 ##############################################################
  67 #      This file must be made accessible by ONLY the owner.
  68 # In a typical installation, this file can be accessed by anybody on the
  69 # local machine, and possibly by people on other machines.
  70 # For security, you should either restrict the access to this file except for owner,
  71 # or specify another, less accessible file in the management config file
  72 # as described above.
  73 #
  74 
  75 ##############################################################
  76 #    Sample of the jmxremote.password file
  77 ##############################################################
  78 # Following are two commented-out entries.  The "measureRole" role has
  79 # password "QED".  The "controlRole" role has password "R&D". This is example
  80 # of specifying passwords in clear
  81 #
  82 #   monitorRole  QED
  83 #   controlRole  R&D
  84 # 
  85 # Once a login attempt is made, passwords will be hashed and the file will have 
  86 # below entries with clear passwords overwritten by their respective 
  87 # SHA-256 hash
  88 #
  89 #   monitorRole 818kn2GKCT1IqMKnJhwtmow8v/9cv++8bJbhjO+ugX0= WqoaqEAVub/PenLY2wxLMLCdPRa+rFCWCWM0Zh/wR38= SHA-256
  90 #   controlRole ALO98BOPW9rqvvtzzn7Lx7Q2uNWZdUf9PtY0g9aQ5lk= yobRA/4ygyJQTE2gEe4xQdYu7IexBHl0SSP9mEHFFhA= SHA-256
  91 # 
  92