Plugin:org.tolven.assembler.admin

From DOC

Jump to: navigation, search

Contents

Overview

Passwords are encrypted and stored in a password store given by a property admin.passwordStoreFile located in the <config-dir>/plugins.xml file. By default the value is a relative path called admin-password.cfg. This file comes with the org.tolven.assmebler.admin plugin, and will be copied to the <config-dir>/credentials/admin directory, unless the user places an asbolute path in its place. If a file exists in either of these places, then that one will be used instead.

The password store is merely a convenience so that the user does not have to type all of the passwords for every command. This is why the admin password is required i.e. to unlock the password store. Each password is associated with a password Id, and that Id (not the password) is viewable using the commands below. The passwords include passwords for keystores, keys, truststores etc on the filesystem, as well as server passwords such as LDAP, the database and JBoss.

This plugin comes with a default family of credentials which work together and originate in a number of associated plugins, easily identifiable by looking at the <config-dir>/plugins.xml file. These are placed in the <config-dir>/credentials directory, but only if a file does not exist there beforehand. In addition, the server default passwords (LDAP: secret, PG: postgres, Oracle tolven and JBoss tolven are also stored there, although they don't have related keystores, keys etc on the filesystem.

You can access the passwords in the Tolven-RC1 version by using the following commands. Please note that the commands simply change the password related to the password Id in the store. It will not change the physical passwords of the credentials in the <config-dir>/credentials directory or the server passwords in those servers. You'll have to do that using Keytool, openldap commands, and the various database commands etc.

Managing_Credentials contains more detailed information on managing credentials.

List Password Ids

To list the password Ids in the <config-dir>/credentials directory (or basically wherever you've defined then in the <config-dir>/plugins.xml file, execute: 

tpf -plugin org.tolven.assembler.admin -displayPasswordIds

An example of the output is below: 

admin		required=true:stored=true:comment=ADMIN
jboss		required=false:stored=true:comment=APPSERVER_SSL
ldap		required=true:stored=true:comment=LDAP_SSL
ldap.root	required=true:stored=true:comment=LDAP_MANAGER
ldapClient	required=true:stored=true:comment=LDAPCLIENT_SSL
mdbuser		required=true:stored=true:comment=MDBUSER
pgadmin		required=true:stored=false:comment=DBCLIENT_SSL
postgresql	required=false:stored=false:comment=DB_SSL
postgresql.root	required=true:stored=true:comment=DB_MANAGER
tolven		required=true:stored=true:comment=TOLVEN

Each passwordId above corresponds to a groupId value in the <config-dir>/plugins.xml file. Also note that at the time of writing having a password on the postgresql DB_SSL file or the pgadmin DBCLINET_SSL file results in problems in starting both PostgreSQL and pgAdminIII, which is why the appear with stored=false above.

Add A Password

You will be prompted for a password only once, since you have control to remove it or change it via your admin password. You can use verifyPassword to check: 

tpf -plugin org.tolven.assembler.admin -addPassword passwordId

Verify A Password

You will be prompted for a password for the passwordId: 

tpf -plugin org.tolven.assembler.admin -verifyPassword passwordId

Change A Password

You will be prompted for the new password for the passwordId: 

tpf -plugin org.tolven.assembler.admin -changePassword passwordId

Remove A Password

You can supply a list of password Ids, which will then be removed from the password store: 

tpf -plugin org.tolven.assembler.admin -removePassword listOfPasswordIds

Version 2.1 Notes

Versopm 2.1.1

  • Moved the following files from org.tolven.assembler.admin to org.tolven.assembler.configwrapper:
    • credential.xml
    • tolven-config.xml

Version 2.1.0

  • The files credential.xsd and tolven-config.xsd, and their targets in the build.xml, have been moved to a new plug-in called org.tolven.assembler.configwrapper in order to remove circular build dependencies.


Version 2 Notes

Version 2.0.15

  1. Corrected the user prompt for the Password.

Version Notes

Version 0.0.11

  1. Allow the credential.groupId for another set of appserver credentials to co-exist in the plugins.xml, although only one is active

Version 0.0.10

  1. Minor update of an error message

Version 0.0.9

  1. For the -displayPasswordIds option, show whether passwordId is required, whether it is stored and a comment

Version 0.0.8

  1. Fixed bug so that the LDAP and DB private keys no longer need to be present in the credentials directory during configuration, in the event that LDAP and DB are administered by someone other than admin. Only the public keys are required.

Version 0.0.7

  1. assembler plugins will now only build during configPhase, if the <tolven-config>/build/repositoryTmp does not exist or is empty, implying a build has not yet occurred. The build directory is deleted whenever plugins are downloaded resulting in a change in material, with which to build.

Version 0.0.6

  1. tolvenRemoteClient is now assembled during configPhase1, and placed in the public/download directory of the /Tolven context, where it can be automatically downloaded from the server via http to the installDir/remoteLib directory for use during the execution of configPhase3

Version 0.0.5

  1. Swapped plugins from using doStart() to an explicit execute().
  2. Switched many logger statements

Version 0.0.4

Fixed a bug in the -changePassword option, which prevented changes When not using the tolven environment variables, the config directory was asked for twice for configPhase1

Retrieved from "http://wiki.tolven.org/doc/index.php/Plugin:org.tolven.assembler.admin"
Personal tools