Did it. Correct, from a remote AS instance CLI authentication is prompted.
2011/11/23 Darran Lofthouse <darran.lofthouse(a)jboss.com>
On 11/23/2011 01:55 PM, Francesco Marchioni wrote:
> Hi all,
> so far I have tested the following options:
>
>> I don’t think so (although I haven’t tried it). This is because your
>>
> mgmt-user.properties file has no >users listed.
> No, even after adding an user (with the add-user.cmd command) still no
> authentication required by CLI
>
That is expected if you are local you already have access to the server
configuration so a connection can be negotiated without requiring a
username and password.
>>>> @Wondering if that works for the console as well?
> Yes the http console issues a BASIC authentication popup.
>
The popup is actually a DIGEST popup
>>>> AFAIK the CLI checks if you are on localhost. In that case the
> authentication is not
> >>>> required.
> I've checked binding server and management interface to another IP
> address available on my card and still no authentication requested by CLI
>
The CLI will detect that the address is not really remote.
The only test I'm missing at the moment is connecting to a remote AS
> instance.
>
Yes that is the test you are missing.
> Regards
> Francesco
>
> 2011/11/23 Dimitris Andreadis <dandread(a)redhat.com
> <mailto:dandread@redhat.com>>
>
>
> For a once-off, that makes more sense.
>
> On 23/11/2011 14:47, Darran Lofthouse wrote:
> > On 11/23/2011 12:40 PM, Dimitris Andreadis wrote:
> >> Starting the console from a script is not really an option, IMO.
> >
> > In general no - there is no plan to drop direct access using a
> URL and no plan to drop
> > existing HTTP authentication.
> >
> > The starting from a script idea is more for the scenario of how
> do we connect to a secured
> > system and authenticate so we can add a user to that system when
> there are no users
> > currently defined on that system.
> >
> >> On 23/11/2011 14:17, Darran Lofthouse wrote:
> >>> On 11/23/2011 12:10 PM, Heiko Braun wrote:
> >>>>
> >>>>
> >>>> AFAIK the CLI checks if you are on localhost. In that case the
> authentication is not
> >>>> required.
> >>>
> >>> That is correct, I am just writing an article to send round
> with the
> >>> details.
> >>>
> >>> The CLI will have authenticated against the server but as you
> are local
> >>> to the server it will have used a silent authentication mechanism.
> >>>
> >>>> @Wondering if that works for the console as well?
> >>>
> >>> Unfortunately no the console has a different set of issues as
> the web
> >>> browser doesn't have access to the filesystem, I am considering
> if we
> >>> can start the console from a script to pass some form of token
> but at
> >>> the moment the console does retain the need for a username and
> password.
> >>>
> >>>> Ike
> >>>>
> >>>> On Nov 23, 2011, at 1:03 PM, Francesco Marchioni wrote:
> >>>>
> >>>>> Hi all !
> >>>>> In the release notes it's mentioned that management
> interfaces will be secured by
> >>>>> default, however in the very first test I did, no
> authentication was asked. (Although
> >>>>> in the configuration there is a ManagementRealm associated
> with the management
> >>>>> interfaces).
> >>>>> Have I hit a bug ?
> >>>>> Regards
> >>>>> Francesco
> >>>>>
> >>>>> ______________________________**_________________
> >>>>> jboss-as7-dev mailing list
> >>>>> jboss-as7-dev(a)lists.jboss.org
> <mailto:jboss-as7-dev@lists.**jboss.org<jboss-as7-dev@lists.jboss.org>
> >
>
> >>>>>
https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists...
> >>>>
> >>>>
> >>>> ______________________________**_________________
> >>>> jboss-as7-dev mailing list
> >>>> jboss-as7-dev(a)lists.jboss.org
> <mailto:jboss-as7-dev@lists.**jboss.org<jboss-as7-dev@lists.jboss.org>
> >
>
> >>>>
https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists...
> >>> ______________________________**_________________
> >>> jboss-as7-dev mailing list
> >>> jboss-as7-dev(a)lists.jboss.org
> <mailto:jboss-as7-dev@lists.**jboss.org<jboss-as7-dev@lists.jboss.org>
> >
>
> >>>
https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists...
> >>
>
> --
> xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dimitris Andreadis
> Software Engineering Manager
> JBoss Application Server
> by Red Hat
> xxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
>
http://dandreadis.blogspot.**com/ <
http://dandreadis.blogspot.com/>
> ______________________________**_________________
> jboss-as7-dev mailing list
> jboss-as7-dev(a)lists.jboss.org
<mailto:jboss-as7-dev@lists.**jboss.org<jboss-as7-dev@lists.jboss.org>
> >
>
https://lists.jboss.org/**mailman/listinfo/jboss-as7-dev<https://lists...
>
>
>