Skip Headers
Oracle GlassFish Server Reference Manual
Release 3.1.2

Part Number E24938-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

enable-secure-admin-internal-user

Instructs the GlassFish Server DAS and instances to use the specified admin user and the password associated with the password alias to authenticate with each other and to authorize admin operations.

Synopsis

enable-secure-admin-internal-user 
[--help] 
[--passwordalias pwdaliasname]
admin-username

Description

The enable-secure-admin-internal-user subcommand instructs all servers in the domain to authenticate to each other, and to authorize admin operations submitted to each other, using an existing admin username and password rather than SSL certificates. This generally means that you must:

  1. Create a valid admin user.

    asadmin> create-file-user --authrealmname admin-realm --groups 
    asadmin newAdminUsername
    
  2. Create a password alias for the just-created password.

    asadmin> create-password-alias passwordAliasName
    
  3. Use that user name and password for inter-process authentication and admin authorization.

    asadmin> enable-secure-admin-internal-user 
    --passwordalias passwordAliasName
    newAdminUsername
    

If GlassFish Server finds at least one secure admin internal user, then if secure admin is enabled GlassFish Server processes will not use SSL authentication and authorization with each other and will instead use username password pairs.

If secure admin is enabled, all GlassFish Server processes continue to use SSL encryption to secure the content of the admin messages, regardless of how they authenticate to each other.

Most users who use this subcommand will need to set up only one secure admin internal user. As a general practice, you should not use the same user name and password pair for internal admin communication and for admin user login.

If you set up more than one secure admin internal user, you should not make any assumptions about which user name and password pair GlassFish Server will choose to use for any given admin request.

Options

--help
-?

Displays the help text for the subcommand.

--passwordalias

The password alias for the user that GlassFish Server should use for internally authenticating and authorizing the DAS to instances and the instances to the DAS.

Operands

admin-username

The admin user name that GlassFish Server should use for internally authenticating and authorizing the DAS to instances and the instances to the DAS.

Examples

Example 1   Specifying a user name and password for secure admin

The following example allows secure admin to use a user name and password alias for authentication and authorization between the DAS and instances, instead of certificates.

asadmin> enable-secure-admin-internal-user 
--passwordalias passwordAliasName
newAdminUsername

Exit Status

0

subcommand executed successfully

1

error in executing the subcommand

See Also

enable-secure-admin(1)

disable-secure-admin-internal-user(1)

asadmin(1M)