
June 12th, 2007, 02:53
[SOLVED] Issue: Changing GUEST.ADMIN Password Causes OTM Restart to Fail

Just found an interesting (read PITA) issue with OTM v5.5 CU1 and up (including CU2 and CU3). If you change the password for the GUEST.ADMIN user, OTM will no longer start up correctly and you'll get the following error message when trying to bring up the login screen:

Code:
Error found handling the request.javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.
at glog.database.security.jaas.ClientLoginModuleImpl.login(ClientLoginModuleImpl.java:50)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at glog.database.security.jaas.AuthenticationContext.login(AuthenticationContext.java:95)
at glog.util.remote.NamingDirectory.(NamingDirectory.java:783)
at glog.util.remote.NamingDirectory.get(NamingDirectory.java:199)
at glog.util.remote.NamingDirectory.getForGuest(NamingDirectory.java:307)
at glog.util.remote.NamingDirectory.get(NamingDirectory.java:115)
at glog.util.remote.NamingDirectory.get(NamingDirectory.java:126)
at glog.util.remote.SessionBeanHomeInvoker.(SessionBeanHomeInvoker.java:26)
at glog.util.remote.NamingDirectory.get(NamingDirectory.java:170)
at glog.util.remote.NamingDirectory.get(NamingDirectory.java:225)
at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:283)
at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:316)
at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:320)
at glog.util.uom.UOMLoader.loadFromServer(UOMLoader.java:92)
at glog.webserver.util.BaseServlet.service(BaseServlet.java:585)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at glog.webserver.screenlayout.ClientSessionTracker.doFilter(ClientSessionTracker.java:54)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)

This issue occurs because of some code changes necessary to support OAS (Oracle Application Server). In order to resolve this issue you need to add a parameter to your tomcat configuration file, with the Base64 encoded value of your new GUEST.ADMIN password. For this example, I'm going to change the password of the GUEST.ADMIN user to "GUESTPASSWORD".

NOTE: While testing this - I found that if your password contains non-alpha-numeric characters, this won't work. So don't include characters like: !, @, #, $, %, ^, &, *, (, ), etc...

First, log in to OTM and change the GUEST.ADMIN password to GUESTPASSWORD. Then, shut down OTM.

In order to get the Base64 encoded version of your password, you can either:

1) Log in to your OTM web server and run:

Code:
cd <otm_home_dir>/install
. ./gc3env.sh
java glog.util.appclass.Base64Encoding GUESTPASSWORD

2) Open a web browser and go to: Base64 Encoder and Decoder

Either way, you'll get an encoded version that looks like: R1VFU1RQQVNTV09SRA==

Now, on your OTM web server(s) edit your <otm_home_dir>/tomcat/bin/tomcat.conf file and append the following line to the "# Java Additional Parameters" section:

Code:
wrapper.java.additional.18=-DGuestEncodedPassword=R1VFU1RQQVNTV09SRA==

Ensure that the number (18 in this example) is the next consecutive number within that section. For our example, the section would look like:

Code:
# Java Additional Parameters
wrapper.java.additional.1=-jrockit
wrapper.java.additional.2=-Xms1025m
wrapper.java.additional.3=-Xmx1025m
wrapper.java.additional.4=-Xgcprio:pausetime
wrapper.java.additional.5=-Xverbose:memory
wrapper.java.additional.6=-Xnoclassgc
wrapper.java.additional.7=-DGC3EncodedPassword=Q0hBTkdFTUU=
wrapper.java.additional.8=-Dglog.properties=glog.tomcat.properties
wrapper.java.additional.9=-Dglog.home=%GLOG_HOME%/glog/config
wrapper.java.additional.10=-Duser.home=%GLOG_HOME%/glog/config
wrapper.java.additional.11=-Djava.io.tmpdir=%GLOG_HOME%/temp
wrapper.java.additional.12=-Djava.awt.headless=true
wrapper.java.additional.14=-Dweblogic.ThreadPoolSize=15
wrapper.java.additional.15=-Djava.endorsed.dirs=%GLOG_HOME%/tomcat/common/endorsed
wrapper.java.additional.16=-Dcatalina.base=%GLOG_HOME%/tomcat
wrapper.java.additional.17=-Dcatalina.home=%GLOG_HOME%/tomcat
wrapper.java.additional.18=-DGuestEncodedPassword=R1VFU1RQQVNTV09SRA==

Finally, restart OTM and everything should work.

References: While investigating this issue, I found related information in the following Oracle Metalink Docs: Note:392713.1 and Note:422201.1.
Hope this helps!
--Chris
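
The steps in the post above, as an added example that is not part of the original post or of OTM: a shell function that Base64-encodes the password locally, applies the alphanumeric restriction the post reports, and works out the next `wrapper.java.additional.N` index. The function name `next_guest_param` and the shortened sample file are assumptions; it needs POSIX sh and the coreutils `base64` tool.

```shell
#!/bin/sh
# Added example (not from the original post). next_guest_param is a
# hypothetical helper name.

# next_guest_param CONF
# Reads the new GUEST.ADMIN password from stdin (so it does not show up in
# the process list) and prints the line to place in CONF (tomcat.conf).
next_guest_param() {
    conf=$1
    IFS= read -r pw || :

    # The post reports that non-alphanumeric passwords do not work.
    case $pw in
        ''|*[!A-Za-z0-9]*)
            echo "password must be non-empty and alphanumeric" >&2
            return 1 ;;
    esac

    # Same encoding as glog.util.appclass.Base64Encoding produces in the post.
    enc=$(printf '%s' "$pw" | base64 | tr -d '\n')

    # Reuse the slot if a GuestEncodedPassword entry already exists,
    # otherwise use the highest index in the file plus one.
    n=$(sed -n 's/^wrapper\.java\.additional\.\([0-9][0-9]*\)=-DGuestEncodedPassword=.*/\1/p' "$conf" | head -n 1)
    if [ -z "$n" ]; then
        max=$(sed -n 's/^wrapper\.java\.additional\.\([0-9][0-9]*\)=.*/\1/p' "$conf" | sort -n | tail -n 1)
        n=$(( ${max:-0} + 1 ))
    fi
    printf 'wrapper.java.additional.%s=-DGuestEncodedPassword=%s\n' "$n" "$enc"
}

# Constructed sample: a shortened "Java Additional Parameters" section.
demo_conf=$(mktemp)
printf '%s\n' '# Java Additional Parameters' \
    'wrapper.java.additional.16=-Dcatalina.base=%GLOG_HOME%/tomcat' \
    'wrapper.java.additional.17=-Dcatalina.home=%GLOG_HOME%/tomcat' > "$demo_conf"
printf 'GUESTPASSWORD' | next_guest_param "$demo_conf"
rm -f "$demo_conf"
```

Base64 is an encoding, not encryption, so tomcat.conf ends up holding a recoverable password; keep the file readable only by the account that runs OTM. Encoding locally also avoids typing the password into an online encoder.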