-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, April 07, 2015 11:02 AM
To: Tomcat Users List
Subject: Re: Issue with JMX in tomcat
Email sent from outside of PSEG. Use caution before using links/attachments.
Paul, Subhro wrote:
> Dear Team,
>
> Below is the property I was using to enable JMX in tomcat.conf file without
> authentication :
>
> CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=9010
> -Dcom.sun.management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=false
> -Djava.rmi.server.hostname=xx.xxx.xxx.xxx"
>
> This was working fine through jConsole or VisualVM remotely.
>
> To move the change in production server we decided to enable user
> authentication. So, on the same box we did a trial and changed the property
> value as below:
>
> CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=9010
> -Dcom.sun.management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=true
> -Djava.rmi.server.hostname=10.184.222.84
> -Dcom.sun.management.jmxremote.password.file=/export/home/webserve/jmxremote.password
>
> -Dcom.sun.management.jmxremote.access.file=/export/home/webserve/jmxremote.access"
>
> Content in jmxremote.access :
> monitorRole readonly
> controlRole readwrite
>
>
> Content in jmxremote.password :
> monitorRole webserve
> controlRole webserve
>
>
> Tomcat is running under "webserve" user. Now every time we connect to the JMX
> on the server getting message "Authentication Failed! Invalid username or
> password"
>
> We are using Linux 6.5 64 bit OS, Tomcat6 and JAVA 1.6. Please let me know
> what I need to change here?
>
>
Hi. Just a shot in the dark, and I have not rechecked the Java JVM
documentation for this
right now.
Are the files "jmxremote.password" and "jmxremote.access"
- owned by the user which runs tomcat
- readable by, and *only* by the user which runs tomcat
?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Dear Andre,
Yes. It's readonly to webserve user and owner of the password file is also
webserve user.
Thanks & Regards,
Subhro Paul
-----------------------------------------
The information contained in this e-mail, including any attachment(s), is
intended solely for use by the named addressee(s). If you are not the intended
recipient, or a person designated as responsible for delivering such messages
to the intended recipient, you are not authorized to disclose, copy, distribute
or retain this message, in whole or in part, without written authorization from
PSEG. This e-mail may contain proprietary, confidential or privileged
information. If you have received this message in error, please notify the
sender immediately. This notice is included in all e-mail messages leaving
PSEG. Thank you for your cooperation.
