How to change the default admin password in ActiveMQ Artemis - admin

I've checked the docs, but so far haven't found how to change the default admin password in ActiveMQ Artemis 2.27.1 created when using the artemis create command.
Here are the contents of the etc/login.config:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
These are the contents of artemis-users.properties:
admin = ENC(1024:EE12ADBFA02C8DB4AF73E22F44C9BD2C12861A2CD01186CA07A874FAA824A757:BA04C1C3F55B0F68EFB2804BB001EAC2C5105EC1662DCBF96E158F9DA3E0C1BB9D8ECA2FF77BBD391938BCB1E69D865322981AB134BF81B1378AFBBE9C040350)
#admin = ENC(1024:389da8e6db1d6dc50b300ec99ea5604a)
I tried masking the the password as described here, (this is the commented admin), but got invalid credentials when I tried to login after restarting the server.
I generated it like this:
./artemis mask <plaintextPassword>

By default credentials are stored in the etc/artemis-users.properties. Each line represents a user and its password in the format:
<user> = <password>
Passwords are hashed by default and stored using the ENC() syntax, but you can use plain text password if you want. Also, by default any changes to artemis-users.properties and artemis-roles.properties are reloaded automatically (since reload=true in login.config) so there's no need to restart the broker.
More details are available in the documentation for the PropertiesLoginModule.
If you want to update the file manually with a hashed password you need to use the following command in the bin directory:
$ ./artemis mask --hash <password>
This is documented in the "Masking Passwords" chapter.
Additionally, if you have at least one valid, working user account with the manage permission or if you have anonymous login enabled then you can use the user commands to list, add, remove, and reset users. As before, more details can be found in the documentation.

Related

Unable to reset password in Django

I have an app which allows the user to reset password. I user the django authentification system but everytime I want to send an email I get the error ' 535, b'5.7.8 Username and Password not accepted. '.
I have already generated and app password and replace the password in my "settings.py" but I still get this error.
have you
tried sending passwords with a separate python script or application like the REST Client in VSC to assure the credentials are working? At least when using gmail I know you have to adapt the security settings in the gmail account used.
checked e.g. by using print statements (ONYL in you dev environment!) that the credentials are available as expected?

IIB SOAP user password Authentication at provider end

I am following link https://www.ibm.com/developerworks/websphere/library/techarticles/1505_kumar/1505_kumar.html for SOAP web-service consumer. Same method I am applying for SOAP web-service provider.
I want to access username and password in esql to authenticate both consumer and provider. Is there any way to access user name and password of provider from SecurityProfiles Configurable Service in ESQL so it can be validate with Consumer credentials .
User Name and Password is plan text .
I have done following things
1. Created Policy
2. Created Bindings
3. Created User ID & security profile
mqsisetdbparms SBBROK -n SecurityID -u sbuser -p sb.123456
mqsicreateconfigurableservice SBBROK -c SecurityProfiles -o
WSSecurityProfile -n
"propagation,idToPropagateToTransport,transportPropagationConfig" -v
"TRUE,STATIC ID,SecurityID"
Configured Bar file & sets(Policy, Binding & security Profile) on SOAPInput node.
Deploy My Flow
After that, I assumed that, on these provider polices,binding, profile. provider can authenticate consumer user name and password.
I am using iib version 10.0.0.15.
I'm not sure I fully understood the question.
All I can tell you is the following: The credential provided by the one calling your service will be stored on this location : Properties/IdentitySourcePassword and Properties/IdentitySourceToken right after your input node.
IF not set to static, the SOAP Request you are doing will use the credentials at this location as well. Otherwise, it will use the defined user password in the mqsisetdbparms command.
So you can access the input credentials in your ESQL code like this :
SET callerUser=InputRoot.Properties.IdentitySourceToken;
SET callerPassword=InputRoot.Properties.IdentitySourcePassword;
For the credentials stored via the mqsisetdbparms, I don't know any way to access it and to be honest I don't see the point.
A solution, if you really need this, is to change your static user / password by a dynamic one, and set it directly in your ESQL at these locations with something like this :
SET myUser = 'Username'
SET myPassword = 'Password123'
SET callerUser=InputRoot.Properties.IdentitySourceToken;
SET callerPassword=InputRoot.Properties.IdentitySourcePassword;
##The comparison you want to do here
SET OutputRoot.Properties.IdentitySourcePassword = myPassword
SET OutputRoot.Properties.IdentitySourceToken= myUser
Of course hardcoding the user / pass is not the right solution, it is just an exemple, but you can easily store it on a database and retrieve if from the ESQL

What is default password for Jupyter created on google's data proc

I set data proc using the steps in link here
https://cloud.google.com/dataproc/docs/tutorials/jupyter-notebook
But my jyputer keep asking for password
I didn't set any password.
I tried my google account password that doesn't work
I ran ../root$ sudo grep -ir password
and get following, so that confirmed no password is set
.jupyter/jupyter_notebook_config.py:## Hashed password to use for web authentication.
.jupyter/jupyter_notebook_config.py:# The string should be of the form type:salt:hashed-password.
.jupyter/jupyter_notebook_config.py:#c.NotebookApp.password = u''
.jupyter/jupyter_notebook_config.py:# Only used when no password is enabled.
.local/share/jupyter/runtime/nbserver-3668.json: "password": false,
Since the initialization action just installs from latest using conda install jupyter, this appears to have been caused by a recent upstream change, specifically upgrading the notebook component from 4.2.3 to 4.3.0 causing token-based auth to be turned on by default. A recent cluster I deployed a couple weeks ago using the out-of-the-box init action didn't have the same login you're seeing; the design of the init action is to let Google Compute Engine firewalls be your layer of defense and the SSH tunnel being your secure connection, rather than relying on various third-party implementations of auth from the different Hadoop/Spark tools and web UIs.
The solution will be to add a line to setup-jupyter-kernel.sh:
echo "c.NotebookApp.token = u''" >> ~/.jupyter/jupyter_notebook_config.py
to disable jupyter-side authentication altogether and revert to the behavior a couple weeks ago. Note that if you want to do this yourself you'll have to fiddle with the INIT_ACTIONS_REPO and INIT_ACTIONS_BRANCH settings in jupyter.sh which may take some getting used to if you haven't been customizing it already. We'll try to push a fix as soon as possible and once that's done you should be able to use the out-of-the-box init action without causing the login screen again.
If you already have a cluster running, you can disable the auth for your jupyter server by running that manually as root after SSH'ing into the master:
sudo su
killall -9 jupyter-notebook
echo "c.NotebookApp.token = u''" >> ~/.jupyter/jupyter_notebook_config.py
/dataproc-initialization-actions/jupyter/internal/launch-jupyter-kernel.sh
Alternatively, if you do want to keep the new default token-authorization approach, the jupyter server actually logs a generated token to /var/log/jupyter_notebook.log; look for a line stating The Jupyter Notebook is running at: http://[all ip addresses on your system]:8123/?token=[some-token-string-here]; that token string can be plugged in to the password field or in the URL parameter as it shows.
EDIT: The fix has now been committed into Dataproc's init action repository and synced to gs://dataproc-initialization-actions. Deployments out-of-the-box once again work without an extra login page in the Jupyter UI.
A new metadata option has also been added if you do want to specify a token which Jupyter also allows to be used in the password field, with key JUPYTER_AUTH_TOKEN. Use it as follows only if you want a login page requesting your specified token (no metadata keys are necessary if you just want the old behavior of no login page):
gcloud dataproc clusters create \
--initialization-actions gs://dataproc-initialization-actions/jupyter/jupyter.sh \
--metadata JUPYTER_AUTH_TOKEN=foobarbaz
Then your login password will be foobarbaz.
When you dont set any password you can login with the your server credentials where it is installed.

Logging into PHPMYADMIN

My website runs off of an AWS server. I went to login to phpmyadmin and placed in the username and password that matches the username and password in config.inc.php and I get the error:
The user name or password you entered for this area on ___________:80 was incorrect
Any suggestions on how I can fix this?
phpMyAdmin doesn't have user accounts, when you enter your credentials in the login field those are passed on directly to MySQL (more information).
The only time you should need to have your username and password in config.inc.php is if you're using the "config" auth_type, in which case you aren't prompted at all when logging in.
But the thing is, that doesn't sound like a phpMyAdmin error message. Perhaps you have some other means in place of protecting your phpMyAdmin installation, such as a .htaccess file or Apache configuration directives.
I suggest starting with the command line client, see if you can log in with the username and password you have. Next, look at the phpMyAdmin configuration, config.inc.php, and for testing purposes I suggest you use auth_type cookie. That way, if you get a popup login dialog you know something else is restricting you. With auth_type cookie, phpMyAdmin displays the username and password fields on a web page form rather than a popup dialog. Finally, check your webserver error log for any hints; it might log more information about where this authentication is configured.

Passing a user and password in a clickable URI link securely

I have a device that allows for remote control using something like this:
https://gooduser:secretpassword#www.example.com/webcallback?foo=bar
My question is, can I some how send an encrypted user/password so that end-users can't pull the username and password and login to the device?
My issue here is that I need these to be clickable links to send remote commands.
Instead of putting your user nameand password in url, use HTML headers. Since you are calling https they will be encrypted. How you use it depends on your environment but using wget the command would be:
wget --user=gooduser --password=secretpassword https://www.example.com/webcallback?foo=bar