-
1. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
morphy Nov 27, 2011 4:59 AM (in response to rhacker)try a search here https://issues.jboss.org/browse/AS7
i can reproduce the issue both in domain and standalone...
-
3. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
rhusar Nov 27, 2011 6:22 PM (in response to rhacker)1 of 1 people found this helpfulHi Rayan,
AFAIK this is not a bug, this is intentional. If you are logging in from localhost and your management ports are listening on localhost (on the same machine), you already do have full access to the machine, thus there is very little benefit in adding security when logging from localhost. Try connecting from a remote host and you will see that you will be promted for password as you expect. You can probably close the issue or make it into documentation one.
HTH,
Rado
-
4. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
jaikiran Nov 27, 2011 11:44 PM (in response to rhusar)1 of 1 people found this helpfulThis isn't a bug and is intentional. See "Local Clients" section in the wiki documentation http://community.jboss.org/wiki/AS710Beta1-SecurityEnabledByDefault
-
5. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
dlofthouse Nov 28, 2011 5:52 AM (in response to jaikiran)We are getting a few users wondering what is happening with the silent authentication so I have created the following issue to look at if we can add a message to the CLI: -
-
6. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
rhacker Nov 28, 2011 11:46 AM (in response to dlofthouse)Thanks guys for all your help...
However When I am trying to connect from remote host using a *.cli file I am not able to connect. What is the correct way to do so?
./jboss-admin.sh --file=test.cli
test.cli
connect controller=100.100.100.100
-user admin -password admin
OR
test.cli
connect controller=100.100.100.100
admin admin
Where: 100.100.100.100 is the IP on which my JBoss node is running on
-
7. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
dlofthouse Nov 28, 2011 11:56 AM (in response to rhacker)You would first need to add a user to the remote server.
Beta1 now contains an add-user.sh or add-user.bat to guide you through this.
A user of admin with password admin would not be accepted however so you would need to pick something slightly harder to guess.
-
8. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
rhacker Nov 29, 2011 6:12 AM (in response to dlofthouse)I have tried with the follwoing password as well after using the add-user.sh and non of them worked
test.cli
connect controller=100.100.100.100
--user admin --password admin123
$ ./jboss-admin.sh --file=test.cli
The controller is not available at controller=100.100.100.100
'--user' is not a valid operation name.
The command is not available in the current context (e.g. required subsystems or connection to the controller might be unavailable).
OR
test.cli
connect controller=100.100.100.100
-user admin -password admin123
$ ./jboss-admin.sh --file=test.cli
The controller is not available at controller=100.100.100.100
'-user' is not a valid operation name.
The command is not available in the current context (e.g. required subsystems or connection to the controller might be unavailable).
OR
test.cli
connect controller=100.100.100.100
user admin password admin123
./jboss-admin.sh --file=test.cli
The controller is not available at controller=100.100.100.100
Unexpected command 'user admin password admin123'. Type 'help' for the list of supported commands.
The command is not available in the current context (e.g. required subsystems or connection to the controller might be unavailable).
OR
test.cli
connect controller=100.100.100.100
admin admin123
./jboss-admin.sh --file=test.cli
The controller is not available at controller=100.100.100.100
Unexpected command 'user admin password admin123'. Type 'help' for the list of supported commands.
The command is not available in the current context (e.g. required subsystems or connection to the controller might be unavailable).
Where as with same password using the below command it works fine (i.e. without *.cli file)
$ ./jboss-admin.sh --connect controller=100.100.100.100
Authenticating against security realm: ManagementRealm
Username: admin
Password:
[standalone@100.100.100.100:9999 /]
-
9. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
dlofthouse Nov 29, 2011 6:35 AM (in response to rhacker)Sorry mis-read your initial post - you can not specify the username and password in the cli file, the --user and --password arguments need to passed to the jboss-admin.sh call
-
10. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
rhacker Nov 29, 2011 7:51 AM (in response to dlofthouse)Darran thank you for helping me on this issue.
I had to fix my test.cli file, the correct way to connect with the remote host is without using the "controller=" and directly giving the IP
test.cli
connect 100.100.100.100
ls
$ ./jboss-admin.sh --file=test.cli
Authenticating against security realm: ManagementRealm
Username: admin
Password:
core-service deployment extension interface path socket-binding-group
subsystem system-property launch-type=STANDALONE name=localhost.localdomain namespaces=[] process-type=Server
profile-name=undefined release-codename=Tesla release-version=7.1.0.Beta1 schema-locations=[] server-state=running
Now when I try to set the user and password (clear text) in last-lin of jboss-admin.sh and use the above test.cli it work fine
jboss-admin.sh
eval \"$JAVA\" $JAVA_OPTS -jar \"$JBOSS_HOME/jboss-modules.jar\" -logmodule "org.jboss.logmanager" -mp \"$JBOSS_HOME/modules\" org.jboss.as.cli '--user=admin --password=admin123 "$@"'
$ ./jboss-admin.sh --file=test.cli
core-service
deployment
extension
interface
path
socket-binding-group
subsystem
system-property
launch-type=STANDALONE
name=localhost.localdomain
namespaces=[]
process-type=Server
profile-name=undefined
release-codename=Tesla
release-version=7.1.0.Beta1
schema-locations=[]
server-state=running
However when I try to use the encrypted password of the remote server in jboss-admin.sh as shwon below it does not work
eval \"$JAVA\" $JAVA_OPTS -jar \"$JBOSS_HOME/jboss-modules.jar\" -logmodule "org.jboss.logmanager" -mp \"$JBOSS_HOME/modules\" org.jboss.as.cli '--user=admin --password=6649f2d0da3c330e7793f094b8bdde0f "$@"'
]$ ./jboss-admin.sh --file=test.cli
Unable to authenticate against controller at 100.100.100.100:9999
The command is not available in the current context (e.g. required subsystems or connection to the controller might be unavailable).
Is there a way to use the encrypted password ?
-
11. Re: In jboss-as-7.1.0.Beta1 CLI gets connected without asking for username and password
dlofthouse Nov 29, 2011 7:55 AM (in response to rhacker)Just to clarify, the password on the remote server is not an encrypted password but a pre-hashed password to make to useable with that realm only.
It is not possible to use the pre-hashed form on the clients as this undermines the hashing on the server side - once both sides are using the same value it is no longer a pre-hashed password but just a long ranomly generated hex plain text password. If you want passwords of that form I would suggest just generating a random password in the first place so neither side is in an easily guessable form.