In this release of the Application Server, the file domain.xml, which contains the specifications for a particular domain, initially contains the password of the Sun Java System Message Queue broker in clear text. The element in the domain.xml file that contains this password is the admin-password attribute of the jms-host element. Because this password is not changeable at installation time, it is not a significant security impact.
However, use the Admin Console to add users and resources and assign passwords to these users and resources. Some of these passwords are written to the domain.xml file in clear text, for example, passwords for accessing a database. Having these passwords in clear text in the domain.xml file can present a security hazard. You can encrypt any password in domain.xml, including the admin-password attribute or a database password using the following procedure.
From the directory where the domain.xml file resides (domain-dir/config by default), run the following asadmin command:
asadmin create-password-alias --user admin alias-name |
For example,
asadmin create-password-alias --user admin jms-password |
A password prompt appears (admin in this case). Refer to the man pages for the create-password-alias, list-password-aliases, delete-password-alias commands for more information.
Remove and replace the password in domain.xml using the asadmin set command. For example:
asadmin set --user admin server.jms-service.jms-host.default_JMS_host.admin-password='${ALIAS=jms-password}' |
Restart the Application Server for the relevant domain.
Some files contain encoded passwords that need protecting using file system permissions. These files include the following:
domain-dir/master-password
This file contains the encoded master password and should be protected with file system permission, 600.
Any password file created to pass as an argument using the --passwordfile argument to asadmin should be protected with file system permission, 600.
The master password (MP) is an overall shared password. It is never used for authentication and is never transmitted over the network. This password is the choke point for overall security; the user can choose to enter it manually when required, or obscure it in a file. It is the most sensitive piece of data in the system. The user can force prompting for the MP by removing this file. When the master password is changed, it is saved again in the master-password keystore.
Stop the Application Server for the domain. Use the asadmin change-master-password command, which prompts for the old and new passwords, then re-encrypts all dependent items. For example,
asadmin change-master-password> Please enter the new master password> Please enter the the new master password again> |
Restart the Application Server.
Encrypting the admin password was discussed in Managing Security of Passwords. Encrypting the admin password is strongly encouraged. If you want to change the admin password before encrypting it, use the asadmin set command. The following example shows the use of set command for changing the password:
asadmin set --user admin server.jms-service.jms-host.default_JMS_host.admin-password=new_pwd |
It is also possible to change the admin password using the Admin Console as in the following procedure.
In the Admin Console tree component, expand the Configuration node.
Expand the Security node.
Expand the Realms node.
Select the admin-realm node.
Click the Manage Users button from the Edit Realm page.
Select the user named admin.
Enter the new password and confirm the password.
Click Save to save or click Close to close without saving.