-----Original Message----- From: André Warnier [mailto:a...@ice-sa.com] Sent: Tuesday, April 07, 2015 11:02 AM To: Tomcat Users List Subject: Re: Issue with JMX in tomcat
Email sent from outside of PSEG. Use caution before using links/attachments. Paul, Subhro wrote: > Dear Team, > > Below is the property I was using to enable JMX in tomcat.conf file without > authentication : > > CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=9010 > -Dcom.sun.management.jmxremote.ssl=false > -Dcom.sun.management.jmxremote.authenticate=false > -Djava.rmi.server.hostname=xx.xxx.xxx.xxx" > > This was working fine through jConsole or VisualVM remotely. > > To move the change in production server we decided to enable user > authentication. So, on the same box we did a trial and changed the property > value as below: > > CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=9010 > -Dcom.sun.management.jmxremote.ssl=false > -Dcom.sun.management.jmxremote.authenticate=true > -Djava.rmi.server.hostname=10.184.222.84 > -Dcom.sun.management.jmxremote.password.file=/export/home/webserve/jmxremote.password > > -Dcom.sun.management.jmxremote.access.file=/export/home/webserve/jmxremote.access" > > Content in jmxremote.access : > monitorRole readonly > controlRole readwrite > > > Content in jmxremote.password : > monitorRole webserve > controlRole webserve > > > Tomcat is running under "webserve" user. Now every time we connect to the JMX > on the server getting message "Authentication Failed! Invalid username or > password" > > We are using Linux 6.5 64 bit OS, Tomcat6 and JAVA 1.6. Please let me know > what I need to change here? > > Hi. Just a shot in the dark, and I have not rechecked the Java JVM documentation for this right now. Are the files "jmxremote.password" and "jmxremote.access" - owned by the user which runs tomcat - readable by, and *only* by the user which runs tomcat ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Dear Andre, Yes. It's readonly to webserve user and owner of the password file is also webserve user. Thanks & Regards, Subhro Paul ----------------------------------------- The information contained in this e-mail, including any attachment(s), is intended solely for use by the named addressee(s). If you are not the intended recipient, or a person designated as responsible for delivering such messages to the intended recipient, you are not authorized to disclose, copy, distribute or retain this message, in whole or in part, without written authorization from PSEG. This e-mail may contain proprietary, confidential or privileged information. If you have received this message in error, please notify the sender immediately. This notice is included in all e-mail messages leaving PSEG. Thank you for your cooperation.