Chapter 13. Managing User Accounts

Procedure 13.1. Create the Initial Administrative User for the Remote Management Interfaces

1. Invoke the add-user.sh or add-user.bat script.

   Change to the EAP_HOME/bin/ directory. Invoke the appropriate script for your operating system.

   Red Hat Enterprise Linux

   [user@host bin]$ ./add-user.sh

   Copy to Clipboard Toggle word wrap

2. Choose to add a Management user.

   Hit ENTER to select the default option a to add a Management user. This user is added to the ManagementRealm and is authorized to perform management operations using the web-based Management Console or command-line based Management CLI. The other choice, b, adds a user to the ApplicationRealm, and provides no particular permissions. That realm is provided for use with applications.

3. Enter the desired username and password.

   When prompted, enter the username and password. You will be prompted to confirm the password.

4. Review the information and confirm.

   You are prompted to confirm the information. If you are satisfied, type yes.

5. Choose whether the user represents a remote JBoss EAP 6 server instance.

   Besides administrators, the other type of user which occasionally needs to be added to JBoss EAP 6 in the ManagementRealm is a user representing another instance of JBoss EAP 6, which must be able to authenticate to join a cluster as a member. The next prompt allows you to designate your added user for this purpose. If you select yes, you will be given a hashed secret value, representing the user's password, which would need to be added to a different configuration file. For the purposes of this task, answer no to this question.

6. Enter additional users.

   You can enter additional users if desired by repeating the procedure. You can also add them at any time on a running system. Instead of choosing the default security realm, you can add users to other realms to fine-tune their authorizations.

7. Create users non-interactively.

   You can create users non-interactively, by passing in each parameter at the command line. This approach is not recommended on shared systems, because the passwords will be visible in log and history files. The syntax for the command, using the management realm, is:

   [user@host bin]$ ./add-user.sh username password

   Copy to Clipboard Toggle word wrap
   To use the application realm, use the -a parameter.

   [user@host bin]$ ./add-user.sh -a username password

   Copy to Clipboard Toggle word wrap
8. You can suppress the normal output of the add-user script by passing the --silent parameter. This applies only if the minimum parameters username and password have been specified. Error messages will still be shown.