Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5907

Security guide documentation is missing step for encrypting datasource password

    XMLWordPrintable

    Details

    • Affects:
      Documentation (Ref Guide, User Guide, etc.)
    • Estimated Difficulty:
      Low
    • Release Notes Text:
      Hide
      The Security Guide released with earlier versions of the Enterprise Application Platform missed the instructions for encrypting the datasource password. The documentation now includes the step. The instructions to configure the <filename>server.password</filename> file by running the following command: <code>java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword <replaceable>SALT</replaceable> <replaceable>COUNT</replaceable> <replaceable>MASTER_PASSWORD</replaceable> <replaceable>PASSWORD_FILE</replaceable></code>
      Show
      The Security Guide released with earlier versions of the Enterprise Application Platform missed the instructions for encrypting the datasource password. The documentation now includes the step. The instructions to configure the <filename>server.password</filename> file by running the following command: <code>java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword <replaceable>SALT</replaceable> <replaceable>COUNT</replaceable> <replaceable>MASTER_PASSWORD</replaceable> <replaceable>PASSWORD_FILE</replaceable></code>
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Docs QE Status:
      ON_QA

      Description

      The instructions given at http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-PBE.html are missing one of the steps. They say to configure the security domain to use the file "${jboss.server.home.dir}/conf/server.password", but it does not tell you what to put in this file.

      You need to run this, which will store the encryption details and obfuscated master password in the given file:
      java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword $SALT $COUNT $MASTER_PASSOWRD $PASSWORD_FILE

      So for the example in the docs:
      java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword abcdefgh 13 master jboss-as/server/$PROFILE/conf/server.password

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                rdickens Russell Dickenson
                Reporter:
                jameslivingston James Livingston
                Writer:
                Russell Dickenson
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: