Managing Security of Passwords

Note – Enclose the alias password in single quotes as shown in the example.

3. Restart the Enterprise Server for the relevant domain.

Protecting Files with Encoded Passwords

Some files contain encoded passwords and must be protected with file system permissions. These files include the following:

domain-dir/master-password

This file contains the encoded master password and should be protected with file system permissions 600.

Any password file created to be passed to asadmin with the --passwordfile argument should be protected with file system permissions 600.
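One way to check and enforce the 600 requirement described above, as an added example that is not part of the original guide. The function names, the domain1 directory, the passwords.txt file name and the placeholder file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the guide: audit password-bearing files for mode 600.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: audit_password_files [--fix] FILE...
# Reports each file; with --fix, tightens weak files to 600.
# Returns 0 only if every file is a regular file with mode 600 afterwards.
audit_password_files() {
    fix=0; rc=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    for f in "$@"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "SKIP  $f (missing, symlink, or not a regular file)"
            rc=1
            continue
        fi
        mode=$(file_mode "$f")
        if [ "$mode" = "600" ]; then
            echo "OK    $f"
        elif [ "$fix" = 1 ] && chmod 600 "$f"; then
            echo "FIXED $f (was $mode)"
        else
            echo "WEAK  $f (mode $mode, expected 600)"
            rc=1
        fi
    done
    return "$rc"
}

# Write stdin to a password file. umask 077 makes a new file private from
# creation; chmod tightens a file that already existed.
create_password_file() {
    ( umask 077; cat > "$1" && chmod 600 "$1" )
}

# Demo on a constructed layout with placeholder contents (not a real domain).
demo=$(mktemp -d)
mkdir "$demo/domain1"
printf 'placeholder\n' | create_password_file "$demo/domain1/master-password"
printf 'placeholder\n' > "$demo/passwords.txt"
chmod 644 "$demo/passwords.txt"    # force the weak case
audit_password_files "$demo/domain1/master-password" "$demo/passwords.txt" || true
rm -rf "$demo"
```

Setting the umask before the file is written matters because a file created under a default umask and tightened afterwards is readable by other local users in between.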

Changing the Master Password

The master password (MP) is an overall shared password. It is never used for authentication and is never transmitted over the network. It is the central point for overall security and the most sensitive piece of data in the system. The user can choose to enter it manually when required, or obscure it in a file; removing that file forces prompting for the master password. When the master password is changed, it is re-saved in the master-password keystore, which is a Java JCEKS type keystore.

To change the master password, follow these steps:

1. Stop the Enterprise Server for the domain. Use the asadmin change-master-password command, which prompts for the old and new passwords, then re-encrypts all dependent items. For example:

asadmin change-master-password>
Please enter the master password>
Please enter the new master password>
Please enter the the new master password again>

2. Restart the Enterprise Server.

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

Sun Microsystems 820433510 manual Protecting Files with Encoded Passwords, Changing the Master Password