# ----------------------------------------------------------------------

#           Template for jmxremote.password

#

# o Copy this template to jmxremote.password

# o Set the user/password entries in jmxremote.password

# o Change the permission of jmxremote.password to be accessible

#   only by the owner.

# o The jmxremote.passwords file will be re-written by the server

#   to replace all plain text passwords with hashed passwords when

#   the file is read by the server.

#

##############################################################

#        Password File for Remote JMX Monitoring

##############################################################

#

# Password file for Remote JMX API access to monitoring.  This

# file defines the different roles and their passwords.  The access

# control file (jmxremote.access by default) defines the allowed

# access for each role.  To be functional, a role must have an entry

# in both the password and the access files.

#

# Default location of this file is $JRE/conf/management/jmxremote.password

# You can specify an alternate location by specifying a property in

# the management config file $JRE/conf/management/management.properties

# or by specifying a system property (See that file for details).

##############################################################

#    File format of the jmxremote.password file

##############################################################

#

# The file contains multiple lines where each line is blank,

# a comment (like this one), or a password entry.

#

# password entry follows the below syntax

#   role_name W [clearPassword|hashedPassword]

#

# role_name is any string that does not itself contain spaces or tabs.

# W = spaces or tabs

#

# Passwords can be specified via clear text or via a hash. Clear text password

# is any string that does not contain spaces or tabs. Hashed passwords must

# follow the below format.

# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm

# where,

#   base64_encoded_64_byte_salt = 64 byte random salt

#   base64_encoded_hash = Hash_algorithm(password + salt)

#   W = spaces or tabs

#   hash_algorithm = Algorithm string specified using the format below

#       https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms

#       This is an optional field. If not specified, SHA3-512 will be assumed.

#

# If passwords are in clear, they will be overwritten by their hash if all of

# the below criteria are met.

#   * com.sun.management.jmxremote.password.toHashes property is set to true in

#     management.properties file

#   * the password file is writable

#   * the system security policy allows writing into the password file, if a

#     security manager is configured

#

# In order to change the password for a role, replace the hashed password entry

# with a new clear text password or a new hashed password. If the new password

# is in clear, it will be replaced with its hash when a new login attempt is made.

#

# A given role should have at most one entry in this file.  If a role

# has no entry, it has no access.

# If multiple entries are found for the same role name, then the last one

# is used.

#

# A user generated hashed password file can also be used instead of clear-text

# password file. If generated by the user, hashed passwords must follow the

# format specified above.

#

# Caution: It is recommended not to edit the password file while the

# agent is running, as edits could be lost if a client connection triggers the

# hashing of the password file at the same time that the file is externally modified.

# The integrity of the file is guaranteed, but any external edits made to the

# file during the short period between the time that the agent reads the file

# and the time that it writes it back might get lost

##############################################################

#    File permissions of the jmxremote.password file

##############################################################

#       This file must be made accessible by ONLY the owner,

#       otherwise the program will exit with an error.

#

# In a typical installation, this file can be accessed by anybody on the

# local machine, and possibly by people on other machines.

# For security, you should either restrict the access to this file except for owner,

# or specify another, less accessible file in the management config file

# as described above.

#

# In order to prevent inadverent edits to the password file in the 

# production environment, it is recommended to deploy a read-only 

# hashed password file. The hashed entries for clear passwords can be generated 

# in advance by running the JMX agent.

#

##############################################################

#    Sample of the jmxremote.password file

##############################################################

# Following are two commented-out entries.  The "monitorRole" role has

# password "QED".  The "controlRole" role has password "R&D". This is an example

# of specifying passwords in the clear

#

#   monitorRole  QED

#   controlRole  R&D

# 

# Once a login attempt is made, passwords will be hashed and the file will have 

# below entries with clear passwords overwritten by their respective 

# SHA3-512 hash

#

#   monitorRole trilby APzBTt34rV2l+OMbuvbnOQ4si8UZmfRCVbIY1+fAofV5CkQzXS/FDMGteQQk/R3q1wtt104qImzJEA7gCwl6dw== 4EeTdSJ7X6Imu0Mb+dWqIns7a7QPIBoM3NB/XlpMQSPSicE7PnlALVWn2pBY3Q3pGDHyAb32Hd8GUToQbUhAjA== SHA3-512

#   controlRole roHEJSbRqSSTII4Z4+NOCV2OJaZVQ/dw153Fy2u4ILDP9XiZ426GwzCzc3RtpoqNMwqYIcfdd74xWXSMrWtGaA== w9qDsekgKn0WOVJycDyU0kLBa081zbStcCjUAVEqlfon5Sgx7XHtaodbmzpLegA1jT7Ag36T0zHaEWRHJe2fdA== SHA3-512

#