Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5907

Security guide documentation is missing step for encrypting datasource password

XMLWordPrintable

    • Documentation (Ref Guide, User Guide, etc.)
    • Low
    • Hide
      The Security Guide released with earlier versions of the Enterprise Application Platform missed the instructions for encrypting the datasource password. The documentation now includes the step. The instructions to configure the <filename>server.password</filename> file by running the following command: <code>java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword <replaceable>SALT</replaceable> <replaceable>COUNT</replaceable> <replaceable>MASTER_PASSWORD</replaceable> <replaceable>PASSWORD_FILE</replaceable></code>
      Show
      The Security Guide released with earlier versions of the Enterprise Application Platform missed the instructions for encrypting the datasource password. The documentation now includes the step. The instructions to configure the <filename>server.password</filename> file by running the following command: <code>java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword <replaceable>SALT</replaceable> <replaceable>COUNT</replaceable> <replaceable>MASTER_PASSWORD</replaceable> <replaceable>PASSWORD_FILE</replaceable></code>
    • Documented as Resolved Issue
    • ON_QA

      The instructions given at http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-PBE.html are missing one of the steps. They say to configure the security domain to use the file "${jboss.server.home.dir}/conf/server.password", but it does not tell you what to put in this file.

      You need to run this, which will store the encryption details and obfuscated master password in the given file:
      java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword $SALT $COUNT $MASTER_PASSOWRD $PASSWORD_FILE

      So for the example in the docs:
      java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword abcdefgh 13 master jboss-as/server/$PROFILE/conf/server.password

              rdickens_jira Russell Dickenson (Inactive)
              rhn-support-jlivings James Livingston (Inactive)
              Russell Dickenson Russell Dickenson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: