1 Reply Latest reply on Apr 30, 2013 6:31 AM by dlofthouse

Securing management native interface

andrei.serea Apr 30, 2013 6:05 AM

I'm trying for a couple of days now to secure the native management interface but with no luck.

The setup is the default jboss as 7.1.1:

The management tag

<security-realms>

<security-realm name="ManagementRealm">

</authentication>

</security-realm>

<security-realm name="ApplicationRealm">

</authentication>

</security-realm>

</security-realms>

<management-interfaces>

<native-interface security-realm="ManagementRealm">

<socket-binding native="management-native"/>

</native-interface>

<http-interface security-realm="ManagementRealm">

<socket-binding http="management-http"/>

</http-interface>

</management-interfaces>

</management>

The socket bindings:

<socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

As you can see, everything is default.

My mgmt-users.properties contains 2 users.

The funny thing is that the http interface prompts for password but the native interface (when connecting through cli) doesn;t.

Any ideas?

1. Re: Securing management native interface

dlofthouse Apr 30, 2013 6:31 AM (in response to andrei.serea)

The CLI is authenticating use the local authentication mechanism i.e. the server is challenging it with a file written to disk and the CLI is proving that it can read the file and sending the response to the server. As the user running the CLI has access to the configuration files there is no need to prompt for a username and password.

Try running the CLI on a remote host and you should see the prompt.
Actions