- The JOC Cockpit HTTPS Authentication requires to add keystore and trustore passwords to access the keystore or private keys in JETTY_BASE/start.ini file. These passwords are stored in the configuration files as plain text. To make the passwords secure it should accept the hashed password.
- The hashed passwords are accepted and can be used in /Scheduler_DATA/config/private/private.conf file when we setup authentication for JobScheduler Master webservice like:
- The hashed passwords are accepted and can be used in <agent_data>/config/private also when we setup authentication between Master and Agent.
- The hashed passwords when used while configuring jetty are not accepted by JOC Cockpit, the Jetty documentation confirms, jetty can configure hash passwords with the parameters
jetty.sslContext.keyStorePassword, jetty.sslContext.keyManagerPassword, and jetty.sslContext.trustStorePassword.
- When JETTY is configured with hashed passwords the JOC Cokcpit throws exception "java.security.PrivilegedActionException: java.io.IOException: Keystore was tampered with, or password was incorrect" . Refer to the attached 2019_03_07.stderrout.log file for more details.
- The JOC Cockpit should also support hash passwords while configuring Jetty as accepted by JobScheduler Master, Agent and even in JOC Cockpit when used in JETTY_BASE/resources/joc/shiro.ini.