com.sun.enterprise.config.serverbeans.enable-secure-admin-internal-user.1 Maven / Gradle / Ivy
The newest version!
enable-secure-admin-internal-user(1) asadmin Utility Subcommands enable-secure-admin-internal-user(1)
NAME
enable-secure-admin-internal-user - Instructs the GlassFish Server DAS
and instances to use the specified admin user and the password
associated with the password alias to authenticate with each other and
to authorize admin operations.
SYNOPSIS
enable-secure-admin-internal-user
[--help]
[--passwordalias pwdaliasname]
admin-username
DESCRIPTION
The enable-secure-admin-internal-user subcommand instructs all servers
in the domain to authenticate to each other, and to authorize admin
operations submitted to each other, using an existing admin username
and password rather than SSL certificates. This generally means that
you must:
1. Create a valid admin user.
asadmin> create-file-user --authrealmname admin-realm --groups
asadmin newAdminUsername
2. Create a password alias for the just-created password.
asadmin> create-password-alias passwordAliasName
3. Use that user name and password for inter-process authentication
and admin authorization.
asadmin> enable-secure-admin-internal-user
--passwordalias passwordAliasName
newAdminUsername
If GlassFish Server finds at least one secure admin internal user, then
if secure admin is enabled GlassFish Server processes will not use SSL
authentication and authorization with each other and will instead use
username password pairs.
If secure admin is enabled, all GlassFish Server processes continue to
use SSL encryption to secure the content of the admin messages,
regardless of how they authenticate to each other.
Most users who use this subcommand will need to set up only one secure
admin internal user. As a general practice, you should not use the same
user name and password pair for internal admin communication and for
admin user login.
If you set up more than one secure admin internal user, you should not
make any assumptions about which user name and password pair GlassFish
Server will choose to use for any given admin request.
OPTIONS
--help, -?
Displays the help text for the subcommand.
--passwordalias
The password alias for the user that GlassFish Server should use
for internally authenticating and authorizing the DAS to instances
and the instances to the DAS.
OPERANDS
admin-username
The admin user name that GlassFish Server should use for internally
authenticating and authorizing the DAS to instances and the
instances to the DAS.
EXAMPLES
Example 1, Specifying a user name and password for secure admin
The following example allows secure admin to use a user name and
password alias for authentication and authorization between the DAS
and instances, instead of certificates.
asadmin> enable-secure-admin-internal-user
--passwordalias passwordAliasName
newAdminUsername
EXIT STATUS
0
subcommand executed successfully
1
error in executing the subcommand
SEE ALSO
enable-secure-admin(1)
disable-secure-admin-internal-user(1)
asadmin(1M)
Jakarta EE 10 09 Aug 2017 enable-secure-admin-internal-user(1)