jmxremote.password.template 5.6 KB

  1. # ----------------------------------------------------------------------
  2. # Template for jmxremote.password
  3. #
  4. # o Copy this template to jmxremote.password
  5. # o Set the user/password entries in jmxremote.password
  6. # o Change the permission of jmxremote.password to be accessible
  7. # only by the owner.
  8. # o The jmxremote.password file will be re-written by the server
  9. # to replace all plain text passwords with hashed passwords when
  10. # the file is read by the server.
  11. #
  12. ##############################################################
  13. # Password File for Remote JMX Monitoring
  14. ##############################################################
  15. #
  16. # Password file for Remote JMX API access to monitoring. This
  17. # file defines the different roles and their passwords. The access
  18. # control file (jmxremote.access by default) defines the allowed
  19. # access for each role. To be functional, a role must have an entry
  20. # in both the password and the access files.
  21. #
  22. # Default location of this file is $JRE/conf/management/jmxremote.password
  23. # You can specify an alternate location by specifying a property in
  24. # the management config file $JRE/conf/management/management.properties
  25. # or by specifying a system property (See that file for details).
  26. ##############################################################
  27. # File format of the jmxremote.password file
  28. ##############################################################
  29. #
  30. # The file contains multiple lines where each line is blank,
  31. # a comment (like this one), or a password entry.
  32. #
  33. # A password entry has the following syntax:
  34. # role_name W [clearPassword|hashedPassword]
  35. #
  36. # role_name is any string that does not itself contain spaces or tabs.
  37. # W = spaces or tabs
  38. #
  39. # Passwords can be specified in clear text or as a hash. A clear text password
  40. # is any string that does not contain spaces or tabs. Hashed passwords must
  41. # follow the format below.
  42. # hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
  43. # where,
  44. # base64_encoded_64_byte_salt = 64 byte random salt
  45. # base64_encoded_hash = Hash_algorithm(password + salt)
  46. # W = spaces or tabs
  47. # hash_algorithm = Algorithm string specified using the format below
  48. # https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms
  49. # This is an optional field. If not specified, SHA3-512 will be assumed.
  50. #
  51. # If passwords are in clear text, they are overwritten by their hashes only if all
  52. # of the criteria below are met; otherwise they stay in the file in clear text.
  53. # * com.sun.management.jmxremote.password.toHashes property is set to true in
  54. # management.properties file
  55. # * the password file is writable
  56. # * the system security policy allows writing into the password file, if a
  57. # security manager is configured
  58. #
  59. # In order to change the password for a role, replace the hashed password entry
  60. # with a new clear text password or a new hashed password. If the new password
  61. # is in clear, it will be replaced with its hash when a new login attempt is made.
  62. #
  63. # A given role should have at most one entry in this file. If a role
  64. # has no entry, it has no access.
  65. # If multiple entries are found for the same role name, then the last one
  66. # is used.
  67. #
  68. # A user generated hashed password file can also be used instead of clear-text
  69. # password file. If generated by the user, hashed passwords must follow the
  70. # format specified above.
  71. #
  72. # Caution: It is recommended not to edit the password file while the
  73. # agent is running, as edits could be lost if a client connection triggers the
  74. # hashing of the password file at the same time that the file is externally modified.
  75. # The integrity of the file is guaranteed, but any external edits made to the
  76. # file during the short period between the time that the agent reads the file
  77. # and the time that it writes it back might get lost.
  78. ##############################################################
  79. # File permissions of the jmxremote.password file
  80. ##############################################################
  81. # This file must be made accessible by ONLY the owner,
  82. # otherwise the program will exit with an error.
  83. #
  84. # In a typical installation, this file can be accessed by anybody on the
  85. # local machine, and possibly by people on other machines.
  86. # For security, you should either restrict access to this file to its owner only,
  87. # or specify another, less accessible file in the management config file
  88. # as described above.
  89. #
  90. # In order to prevent inadvertent edits to the password file in the
  91. # production environment, it is recommended to deploy a read-only
  92. # hashed password file. The hashed entries for clear passwords can be generated
  93. # in advance by running the JMX agent.
  94. #
  95. ##############################################################
  96. # Sample of the jmxremote.password file
  97. ##############################################################
  98. # Following are two commented-out entries. The "monitorRole" role has
  99. # password "QED". The "controlRole" role has password "R&D". This is an example
  100. # of specifying passwords in the clear
  101. #
  102. # monitorRole QED
  103. # controlRole R&D
  104. #
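  105. # Once a login attempt is made, the passwords are hashed and the file will contain
  106. # the entries below, with each clear password overwritten by its salted
  107. # SHA3-512 hash.
  108. # Note: the extra "trilby" token in the monitorRole line is not part of the format described above.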
  109. # monitorRole trilby APzBTt34rV2l+OMbuvbnOQ4si8UZmfRCVbIY1+fAofV5CkQzXS/FDMGteQQk/R3q1wtt104qImzJEA7gCwl6dw== 4EeTdSJ7X6Imu0Mb+dWqIns7a7QPIBoM3NB/XlpMQSPSicE7PnlALVWn2pBY3Q3pGDHyAb32Hd8GUToQbUhAjA== SHA3-512
  110. # controlRole roHEJSbRqSSTII4Z4+NOCV2OJaZVQ/dw153Fy2u4ILDP9XiZ426GwzCzc3RtpoqNMwqYIcfdd74xWXSMrWtGaA== w9qDsekgKn0WOVJycDyU0kLBa081zbStcCjUAVEqlfon5Sgx7XHtaodbmzpLegA1jT7Ag36T0zHaEWRHJe2fdA== SHA3-512
  111. #