1 # ---------------------------------------------------------------------- 2 # Template for jmxremote.password 3 # 4 # o Copy this template to jmxremote.password 5 # o Set the user/password entries in jmxremote.password 6 # o Change the permission of jmxremote.password to read-only 7 # by the owner. 8 # 9 # See below for the location of jmxremote.password file. 10 # ---------------------------------------------------------------------- 11 12 ############################################################## 13 # Password File for Remote JMX Monitoring 14 ############################################################## 15 # 16 # Password file for Remote JMX API access to monitoring. This 17 # file defines the different roles and their passwords. The access 18 # control file (jmxremote.access by default) defines the allowed 19 # access for each role. To be functional, a role must have an entry 20 # in both the password and the access files. 21 # 22 # Default location of this file is $JRE/conf/management/jmxremote.password 23 # You can specify an alternate location by specifying a property in 24 # the management config file $JRE/conf/management/management.properties 25 # or by specifying a system property (See that file for details). 26 27 28 ############################################################## 29 # File permissions of the jmxremote.password file 30 ############################################################## 31 # Since there are cleartext passwords stored in this file, 32 # this file must be readable by ONLY the owner, 33 # otherwise the program will exit with an error. 34 # 35 # The file format for password and access files is syntactically the same 36 # as the Properties file format. The syntax is described in the Javadoc 37 # for java.util.Properties.load. 38 # Typical password file has multiple lines, where each line is blank, 39 # a comment (like this one), or a password entry. 40 # 41 # 42 # A password entry consists of a role name and an associated 43 # password. The role name is any string that does not itself contain 44 # spaces or tabs. The password is again any string that does not 45 # contain spaces or tabs. Note that passwords appear in the clear in 46 # this file, so it is a good idea not to use valuable passwords. 47 # 48 # A given role should have at most one entry in this file. If a role 49 # has no entry, it has no access. 50 # If multiple entries are found for the same role name, then the last one 51 # is used. 52 # 53 # In a typical installation, this file can be read by anybody on the 54 # local machine, and possibly by people on other machines. 55 # For # security, you should either restrict the access to this file, 56 # or specify another, less accessible file in the management config file 57 # as described above. 58 # 59 # Following are two commented-out entries. The "measureRole" role has 60 # password "QED". The "controlRole" role has password "R&D". 61 # 62 # monitorRole QED 63 # controlRole R&D 64 | 1 # ---------------------------------------------------------------------- 2 # Template for jmxremote.password 3 # 4 # o Copy this template to jmxremote.password 5 # o Set the user/password entries in jmxremote.password 6 # o Change the permission of jmxremote.password to be accessible 7 # only by the owner. 8 # o The jmxremote.passwords file will be re-written by the server 9 to replace all plain text passwords with hashed passwords when 10 the file is read by the server. 11 # 12 13 ############################################################## 14 # Password File for Remote JMX Monitoring 15 ############################################################## 16 # 17 # Password file for Remote JMX API access to monitoring. This 18 # file defines the different roles and their passwords. The access 19 # control file (jmxremote.access by default) defines the allowed 20 # access for each role. To be functional, a role must have an entry 21 # in both the password and the access files. 22 # 23 # Default location of this file is $JRE/conf/management/jmxremote.password 24 # You can specify an alternate location by specifying a property in 25 # the management config file $JRE/conf/management/management.properties 26 # or by specifying a system property (See that file for details). 27 28 ############################################################## 29 # File format of the jmxremote.password file 30 ############################################################## 31 # 32 # The file contains multiple lines where each line is blank, 33 # a comment (like this one), or a password entry. 34 # 35 # password entry follows below syntax 36 # role_name W [clearPassword|hashedPassword] 37 # 38 # role_name is any string that does not itself contain spaces or tabs. 39 # W = spaces or tabs 40 # 41 # Passwords can be specified using clear text or via a hash. Clear text password 42 # is any string that does not contain spaces or tabs. Hashed passwords must 43 # follow the below format. 44 # hashedPassword = base64_encoded_salt W base64_encoded_hash W hash_algorithm 45 # where, 46 # base64_encoded_hash = Hash_algorithm(password + salt) 47 # W = spaces or tabs 48 # hash_algorithm = Algorithm string specified using format below 49 # https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest 50 # MD5, SHA-1 and SHA-256 are supported algorithms. 51 # This is an optional field. If not specified SHA-256 will be assumed. 52 # 53 # If passwords are in clear, they will be over-written by their hash if all of 54 # the below criteria are met. 55 # * com.sun.management.jmxremote.password.hashpasswords property is set to true in 56 # management.properties file 57 # * the password file is writable 58 # * the system security policy allows writing into the password file, if a 59 # security manager is configured 60 # 61 # In order to change password for a role, replace the hashed password entry 62 # with the clear text password or the new hashed password. If the new password 63 # is in clear, it will be replaced with its hash when a new login attempt is made. 64 # 65 # A given role should have at most one entry in this file. If a role 66 # has no entry, it has no access. 67 # If multiple entries are found for the same role name, then the last one 68 # is used. 69 # 70 # A user generated hashed password file can also be used instead of clear-text 71 # password file. If generated by user, hashed passwords must follow 72 # format specified above. 73 74 ############################################################## 75 # File permissions of the jmxremote.password file 76 ############################################################## 77 # This file must be made accessible by ONLY the owner, 78 # otherwise the program will exit with an error. 79 # 80 # In a typical installation, this file can be accessed by anybody on the 81 # local machine, and possibly by people on other machines. 82 # For security, you should either restrict the access to this file except for owner, 83 # or specify another, less accessible file in the management config file 84 # as described above. 85 # 86 87 ############################################################## 88 # Sample of the jmxremote.password file 89 ############################################################## 90 # Following are two commented-out entries. The "measureRole" role has 91 # password "QED". The "controlRole" role has password "R&D". This is example 92 # of specifying passwords in clear 93 # 94 # monitorRole QED 95 # controlRole R&D 96 # 97 # Once a login attempt is made, passwords will be hashed and the file will have 98 # below entries with clear passwords overwritten by their respective 99 # SHA-256 hash 100 # 101 # monitorRole 818kn2GKCT1IqMKnJhwtmow8v/9cv++8bJbhjO+ugX0= WqoaqEAVub/PenLY2wxLMLCdPRa+rFCWCWM0Zh/wR38= SHA-256 102 # controlRole ALO98BOPW9rqvvtzzn7Lx7Q2uNWZdUf9PtY0g9aQ5lk= yobRA/4ygyJQTE2gEe4xQdYu7IexBHl0SSP9mEHFFhA= SHA-256 103 # 104 |