Comment: Migrated to Confluence 5.3
This page applies to Java Broker versions before 0.14. For up-to-date documentation, please refer to the Security section in the Java Broker book.

The Qpid Java Broker has a single reference source (PrincipalDatabase) that defines all the users in the system.

...

The plain file has the following format:

# Plain password authentication file.
# default name : passwd
# Format <username>:<password>
#e.g.
martin:password

...

Lines starting with a '#' are treated as comments.

This file is currently re-read for every new connection so changes to the file are immediately available to the broker.

Where is the password file for my broker?

The location of the password file in use for your broker is as configured in your config.xml file.

<principal-databases>
    <principal-database>
        <name>passwordfile</name>
        <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
        <attributes>
            <attribute>
                <name>passwordFile</name>
                <value>${conf}/passwd</value>
            </attribute>
        </attributes>
    </principal-database>
</principal-databases>

So in the example config.xml file this password file lives in the directory specified as the conf directory (at the top of your config.xml file).

If you wish to use Base64 encoding for your password file, then in the <class> element above you should specify org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase.

The default conf directory setting is:

<conf>${prefix}/etc</conf>


Base64MD5 Password File Format

This format can be used to ensure that SAs cannot read the plain text password values from your password file on disk.

The Base64MD5 file uses the following format:

# Base64MD5 password authentication file
# default name : qpid.passwd
# Format <username>:<Base64 Encoded MD5 hash of the users password>
#e.g.
martin:X03MO1qnZdYdgyfeuILPmQ==

...

This file is read on broker start-up and is not re-read.
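
As an added example (not part of the original page and not Qpid's own code), the Python below builds, parses and checks entries in the Base64MD5 format described above, and reports users whose entries are identical: the value is an unsalted MD5 hash, so equal passwords yield equal lines and the file still needs restrictive permissions. The function names are hypothetical, and encoding the password as UTF-8 before hashing is an assumption.

```python
import base64
import hashlib
import hmac
from collections import defaultdict

def encode_password(password: str) -> str:
    # Base64 of the raw 16-byte MD5 digest; UTF-8 input encoding is an assumption.
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def make_entry(username: str, password: str) -> str:
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    return f"{username}:{encode_password(password)}"

def parse_passwd(text: str) -> dict:
    """Parse <username>:<value> lines, skipping blank lines and '#' comments."""
    users = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, value = line.partition(":")
        if not sep or not user or not value:
            raise ValueError(f"line {lineno}: expected <username>:<value>")
        users[user] = value
    return users

def verify(users: dict, username: str, password: str) -> bool:
    # Always hash and compare, so unknown users take the same code path.
    stored = users.get(username, "")
    match = hmac.compare_digest(stored.encode(), encode_password(password).encode())
    return match and username in users

def shared_hashes(users: dict) -> list:
    """The hash is unsalted, so identical values mean identical passwords."""
    groups = defaultdict(list)
    for user, value in users.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample: the page's own entry plus two made-up users.
SAMPLE = "\n".join([
    "# Base64MD5 password authentication file",
    "martin:X03MO1qnZdYdgyfeuILPmQ==",
    make_entry("alice", "password"),
    make_entry("bob", "constructed-example-value"),
])

if __name__ == "__main__":
    users = parse_passwd(SAMPLE)
    print(verify(users, "martin", "password"), shared_hashes(users))
```
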

How can I update a Base64MD5 password file?

To update the file there are two options:

  1. Edit the file by hand using the qpid-passwd tool that will generate the required lines. The output from the tool is the text that needs to be copied in to your active password file. This tool is located in the broker bin directory. Eventually it is planned for this tool to emulate the functionality of htpasswd for qpid passwd files.
    NOTE: For the changes to be seen by the broker you must either restart the broker or reload the data with the management tools (see Eclipse Management Console Reload Data Tab; Qpid JMX Management Console User Guide).
  2. Use the management tools to create a new user (see the Eclipse Management Console Create User Tab). The changes will be made by the broker to the password file and the new user will be immediately available to the system (see Qpid JMX Management Console User Guide).

Dynamic changes to password files.

The Plain password file is re-read from disk on every login, so changes to the file take immediate effect on a running broker. However, the Base64MD5 format file is only read once on start up.

To make changes dynamically there are two options; both require administrator access via the Management Console (see Qpid JMX Management Console User Guide).

  1. You can replace the file and use the console to reload its contents.
  2. The management console provides an interface to create, delete and amend the users. These changes are written back to the active password file.

...