geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Jain (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4896) Commands to a Secure JMX Connector require the SSL keyStorePassword to be specified on command line
Date Thu, 11 Feb 2010 14:54:28 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12832510#action_12832510
] 

Ashish Jain commented on GERONIMO-4896:
---------------------------------------

I think there is still some tweaking required to the patch. The patch uploaded does not allow
the users to use the conventional way of setting the password and locations in plain text.
Do we want this option be available to the users which is as follows.
export JAVA_OPTS="-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.trustStorePassword=secret"
or else we want to completely disable the usage of plain text passwords??


> Commands to a Secure JMX Connector require the SSL keyStorePassword to be specified on
command line
> ---------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4896
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4896
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 2.1.5, 2.2, 3.0
>            Reporter: Kevan Miller
>            Assignee: Shawn Jiang
>             Fix For: 2.1.5, 3.0, Wish List
>
>         Attachments: 4896.patch, 4896_updated.patch, 4896_updated_21.patch, JavaAgent.jar,
JvmOpts.java
>
>
> To my knowledge, it is not possible to run a Geronimo command (e.g. deploy.sh deploy
or gsh geronimo/stop-server) to a server with a secure JMX Connector (running SSL, without
specifying the following Java system properties on the command line:
>    javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword
> For example:
> {code}
> export GERONIMO_HOME=~/target/geronimo-jetty6-javaee5-2.2-SNAPSHOT
> export JAVA_OPTS="-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.trustStorePassword=secret"
> $GERONIMO_HOME/bin/deploy.sh -u system -p manager --secure list-modules --stopped
> {code}
> javax.net.ssl.keyStorePassword causes a problem, since this means the keyStorePassword
is available, in-the-clear, to someone inspecting executing processes. For example while a
deploy command was active, someone could run 'ps auxww | grep deployer.jar' and discover the
keyStorePassword for the KeyStore.
> Geronimo should provide a mechanism, whereby users can specify the keyStorePassword without
making that secret available to anyone inspecting processes running on the current system.
Ideally, the password could be encrypted/obfuscated within a file (just as passwords can be
encrypted/obfuscated in var/config/config.xml).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message