Author: smumford Date: 2010-12-10 00:41:26 -0500 (Fri, 10 Dec 2010) New Revision: 5546 Modified: epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml Log: JBEPP-515: Added new procedure to encrypt Messaging suckerPassword Modified: epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml =================================================================== --- epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-12-10 04:01:37 UTC (rev 5545) +++ epp/docs/branches/EPP_5_1_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-12-10 05:41:26 UTC (rev 5546) @@ -111,12 +111,38 @@ </para> </important> <formalpara> - <title>Set SuckerPassword for JBoss Messaging:</title> + <title>SuckerPassword for JBoss Messaging:</title> <para> JBoss Messaging makes internal connections between nodes in order to redistribute messages between clustered destinations. These connections are made with the user name of a special reserved user whose password is specified by the <literal>suckerPassword</literal> attribute in the Server Peer configuration file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/messaging/messaging-jboss-beans.xml</filename>. </para> </formalpara> - <para> + <procedure> + <title>Set suckerPassword for JBoss Messaging</title> + <step> + <para> + Edit the <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/messaging/messaging-jboss-beans.xml</filename> file and change the suckerPassword value from "CHANGE ME!!" to a plain text password: + </para> +<programlisting>&gt;property name="suckerPassword"&lt;CHANGE ME!!&lt;/property&gt; +</programlisting> + </step> + <step> + <para> + Insert the same password you stored in the <filename>messaging-jboss-beans.xml</filename> file into the following command: + </para> +<programlisting><replaceable>JAVA_HOME</replaceable>/bin/java -cp <replaceable>JBOSS_HOME</replaceable>/client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil <replaceable>PLAIN_TEXT_PASSWORD</replaceable> +</programlisting> + </step> + <step> + <para> + Copy the encrypted password generated by the above command into the SuckerPassword attribute of the <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/messaging/messaging-service.xml</filename> file: + </para> +<programlisting>&lt;attribute name="SuckerPassword"&gt;<replaceable>ENCRYPTED_PASSWORD</replaceable>&lt;/attribute&gt;</programlisting> + </step> + </procedure> + <para> + The suckerpassword in the messaging-service.xml file is for "client side" configuration and is used to initiate a connection, while the suckerpassword in messaging-jboss-beans.xml is part of the "server side" configuration and is used to authenticate incoming connection request. + </para> +<!-- <para> To avoid a security risk, you MUST specify the value of the <literal>SuckerPassword</literal> attribute, failing which the default value will be used. Any one who knows the default password will be able to gain access to any destinations on the server. The following fragment should be uncommented and modified: </para> <programlisting language="XML" role="XML">&lt;bean name="SecurityStore" @@ -130,7 +156,7 @@ ­... ­... &lt;/bean&gt; -</programlisting> +</programlisting>--> </section>