Author: smumford
Date: 2010-12-10 00:41:26 -0500 (Fri, 10 Dec 2010)
New Revision: 5546
Modified:
epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml
Log:
JBEPP-515: Added new procedure to encrypt Messaging suckerPassword
Modified: epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml
===================================================================
---
epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-12-10
04:01:37 UTC (rev 5545)
+++
epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-12-10
05:41:26 UTC (rev 5546)
@@ -111,12 +111,38 @@
</para>
</important>
<formalpara>
- <title>Set SuckerPassword for JBoss Messaging:</title>
+ <title>SuckerPassword for JBoss Messaging:</title>
<para>
JBoss Messaging makes internal connections between nodes in order to redistribute
messages between clustered destinations. These connections are made with the user name of
a special reserved user whose password is specified by the
<literal>suckerPassword</literal> attribute in the Server Peer configuration
file:
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/messaging/messaging-jboss-beans.xml</filename>.
</para>
</formalpara>
- <para>
+ <procedure>
+ <title>Set suckerPassword for JBoss Messaging</title>
+ <step>
+ <para>
+ Edit the
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/messaging/messaging-jboss-beans.xml</filename>
file and change the suckerPassword value from "CHANGE ME!!" to a plain text
password:
+ </para>
+<programlisting>>property name="suckerPassword"<CHANGE
ME!!</property>
+</programlisting>
+ </step>
+ <step>
+ <para>
+ Insert the same password you stored in the
<filename>messaging-jboss-beans.xml</filename> file into the following
command:
+ </para>
+<programlisting><replaceable>JAVA_HOME</replaceable>/bin/java -cp
<replaceable>JBOSS_HOME</replaceable>/client/jboss-messaging-client.jar
org.jboss.messaging.util.SecurityUtil
<replaceable>PLAIN_TEXT_PASSWORD</replaceable>
+</programlisting>
+ </step>
+ <step>
+ <para>
+ Copy the encrypted password generated by the above command into the
SuckerPassword attribute of the
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/messaging/messaging-service.xml</filename>
file:
+ </para>
+<programlisting><attribute
name="SuckerPassword"><replaceable>ENCRYPTED_PASSWORD</replaceable></attribute></programlisting>
+ </step>
+ </procedure>
+ <para>
+ The suckerpassword in the messaging-service.xml file is for "client
side" configuration and is used to initiate a connection, while the suckerpassword in
messaging-jboss-beans.xml is part of the "server side" configuration and is used
to authenticate incoming connection request.
+ </para>
+<!-- <para>
To avoid a security risk, you MUST specify the value of the
<literal>SuckerPassword</literal> attribute, failing which the default value
will be used. Any one who knows the default password will be able to gain access to any
destinations on the server. The following fragment should be uncommented and modified:
</para>
<programlisting language="XML" role="XML"><bean
name="SecurityStore"
@@ -130,7 +156,7 @@
...
...
</bean>
-</programlisting>
+</programlisting>-->
</section>