Passing Additional Passwords for a PKCS#11 Crypto Device (Sun GlassFish Enterprise Server 2.1 Administration Guide)

Sun GlassFish Enterprise Server 2.1 Administration Guide

Passing Additional Passwords for a PKCS#11 Crypto Device

For standard parameters, you can create a password alias in the password file. For example, you can create a password alias for the admin password as follows:

AS_ADMIN_PASSWORD=${ALIAS=adminpassword}

To pass in additional (non-standard) passwords, you need to create an entry in the password file and use the create-password-alias command for that entry.

For a PKCS#11 crypto-device that works with GlassFish, add an entry, as follows, to the GlassFish password file.

AS_ADMIN_<tokenname>=<password>

Then create a password alias. For example, if you are using the Sun Metaslot device with GlassFish, the asadmin start-domain command would prompt for password as follows:

asadmin start-domain Starting Domain domain1, please wait. 
Default Log location is /opt/glassfish/domains/domain1/logs/server.log. 
Please enter password for NSS slot Sun Metaslot>

To pass this non-standard password as an additional password, do the following:

Add an entry to the GlassFish password file (specified by the --passwordfile option) as follows:
AS_ADMIN_Sun\Metaslot=sunmetaslotpassword

Create the password alias as follows:

asadmin> create-password-alias --user admin --passwordfile mypwdfile abc123

Replace the password in the GlassFish password file with the alias password as follows:
AS_ADMIN_Sun\Metaslot=${ALIAS=abc123}