红帽全球峰会此内容没有您所选择的语言版本。
16.4. Create password masks
jboss-as/bin/password/jboss_password_enc.dat. This file is encrypted using a key pair you provide to the password tool, and it contains the passwords that will be masked in configuration files. Passwords are stored and retrieved from this file by 'domain', an arbitrary unique identifier that you specify to the Password Tool when storing the password, and that you specify as part of the annotation that replaces that clear text password in configuration files. This allows the JBoss Application Server to retrieve the correct password from the file at run time.
Note
jboss-as/bin/password/password.keystore) and encrypted key store password file (jboss-as/bin/password/jboss_keystore_pass.dat) readable by your user, and the encrypted passwords file jboss-as/bin/password/jboss_password_enc.dat (if it already exists) read and writable, while you perform this operation.
Procedure 16.4. Create password masks
Prerequisites:
- At the command line, change to the
jboss-as/bindirectory. - Run the password tool, using the command
./password_tool.shfor Unix-based systems, orpassword_tool.batfor Windows-based systems.Result:The JBoss Password Tool will start, and will report '
Keystore is null. Please specify keystore below:'. - Select '
1:Specify KeyStore' by pressing 1 then Enter.Result:The password tool responds with '
Enter Keystore location including the file name'. - Enter the path to the key store you created in Procedure 16.2, “Generate a key pair and key store for password masking”. You can specify an absolute path, or the path relative to
jboss-as/bin. This should bepassword/password.keystore, unless you have performed an advanced installation and changed the defaults as per Section 16.6, “Changing the password masking defaults”.Result:The password tool responds with '
Enter Keystore alias'. - Enter the key alias. This should be
jboss, unless you have performed an advanced installation and changed the defaults as per Section 16.6, “Changing the password masking defaults”.Result:If the key store and key alias are accessible, the password tool will respond with some log4j WARNING messages, then the line '
Loading domains [', followed by any existing password masks, and the main menu. - Select '
2:Create Password' by pressing 2, then EnterResult:The password tool responds with: '
Enter security domain:'. - Enter a name for the password mask. This is an arbitrary unique name that you will use to identify the password mask in configuration files.Result:
The password tool responds with: '
Enter passwd:'. - Enter the password that you wish to mask.Result:
The password tool responds with: '
Password created for domain:mask name' - Repeat the password mask creation process to create masks for all passwords you wish to mask.
- Exit the program by choosing '
5:Exit'
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}