Authentication Add-in

Similar Messages

• New Adobe Media Server Authentication Add-In

  A new rebranded Adobe Media Server Authentication Add-In for Flash Media Live Encoder(FMLE) has been posted on FMLE download page. This version will work with both Adobe Media Server as well as Flash Media Server.
  Grab it from here
  https://www.adobe.com/cfusion/entitlement/index.cfm?e=fmle3
  Team AMS

  thank you for your help but it did not work for me i installed the FMS on the default pass knowing iam using win 64 and i installed the FMS authentication add-in for this version it said installation complete and the server restarted
  i used cmd to reach /conf i found the 2 files i used command
  users add -u username -p password
  to add the user
  i tried to test and started FMLencoder v3.2 and it just started to stream and did not ask me for any username or password as you can see here
  Wed May 04 2011 20:12:01 : Selected video input device: Chicony USB 2.0 Camera
  Wed May 04 2011 20:12:02 : Selected audio input device: Microphone (Realtek High Defini
  Wed May 04 2011 20:12:20 : Renaming existing file from C:\Users\Eslam\Videos\sample.flv to C:\Users\Es\Videos\sample.9.flv
  Wed May 04 2011 20:12:22 : Primary - Connected to FMS/3,5,1,516
  Wed May 04 2011 20:12:22 : Primary - Network Command: onBWDone
  Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: Success
  Wed May 04 2011 20:12:22 : Primary - Network Command: onFCPublish
  Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: NetStream.Publish.Start
  Wed May 04 2011 20:12:22 : Session Started
  Wed May 04 2011 20:12:23 : Audio Encoding Started
  Wed May 04 2011 20:12:24 : Video Encoding Started
  how can i verify the add on working correctly and use it

• Problems Installing Authentication Add-in FMS3

  Hi,
  Im trying to install the "Flash Media Server Authentication
  Add-in" on my server running Linux. I download the file, execute it
  but the it just not work. When I tryed on my Windows machine it
  work perfectly.
  Any idea? Instruction?
  Thanks

  Thank you Pushpendra. I have installed Adobe Media Server 5.0.1 Standard on Windows 2008 server 64-bit. The authentication add-in was downloaded from Adobe - Flash Media Live Encoder 3.2. When I try to install it, this is what I get :

• Flash Media Live Encoder Authentication Add-In not working

  I have installed the Authentication Add-In on a FMS 3.5.5 Development version, running Windows 2008 Server.  I can easily get to the users.exe command prompt and add users with no problem.  BUT, when I open the Flash Media Live Encoder and go to enter a username/password when connecting to the server, I keep getting "User Not Found".  I've went back several times using users.exe and tested for my user credentials and it always states that the user is there.  Can some please tell me what I am doing wrong here?

  So you have libconnect.dll placed in modules/access folder of your FMS?

• Adobe Media Server and the Authentication Add-In

  The Authentication Add-In (used to authenticate Adobe Live Media Encoders connecting to FMS) will not install with Adobe Media Server because it looks for Flash Media Server and does not recognise Adobe Media Server.
  Is there a workaround or a new version of the Authentication Add-In?

  The new auth plugin still doesn't work against Wirecast/FM 1.0 agents. The only way I was able to block these agents was through the main.asc file you put in your application. On the function application.onConnect insert this
  if( (p_client.agent.search("Wirecast")!=-1) || (p_client.agent.search("FM 1")!=-1) )
          trace (p_client.agent + " FM 1.0/Wirecast agent detected ...rejecting connection from "+p_client.ip);
          return false;
  How do you require WireCast agents to be forced to enter a password?
  Where/how do you put this action script, does anyone have any examples?

• Authentication Add-In Allows Old User Agents without Authentication

  I have installed AdobeFlash Media Development Server (as a test for Interactive Server 3.5) and the Authentication Add-In v3.  It works great with Flash Media Encoder 3 (FMLE/3.0), but if I specify a different user agent (FME/2.5 or FM/1.0) using an older version of the encoder or another brand encoder that supports multiple user agents (eg. Wirecast) the authentication is completely ignored.
  Is there a way to restrict Adobe Flash Media Interactive Server to accepting uploads from user agent FMLE/3.0 only (or cause it to respect credentials from older user agents . . . if they even send credentials)?
  Thanks!
  Dan

  Given Asa's comment on FMSS (thanks FMS engineering team for addressing that one), I'm wondering if in your production environment you're always going to use FMLE as the publishing client. If in the future you decide to use a third party encoder that doesn't play nice with the auth addin, you're going to be stuck.
  In that case, I'd seriously consider going with interactive server. What I like to do for authenticating publishers is to require credentials as GET variables on the RTMP URL, and then inspect the client.uri property to pick them out and validate them. That way, you can give any encoder (other than old versions of FMLE that don't allow get vars... go figure) a URL like
  rtmp://myserver.com/app/instance/?password=12345
  and FMIS can authenticate the user through server side actionscript. This authentication can happen in the application.onPublish handler, so you can wait to authenticate until the client starts publishing something (in case subscribers are connecting to the same app).

• FMS Authentication Add-in (optional)

  Hi all.
  I downloaded auth_addin_win_v2.6.msi and installed it. But my
  encoder required me ID and Pass. How can i to configure this ID and
  Pass in my FMS.
  Thank you.

  open windows comand prompt and change to the configuration
  directory of media server normally:
  c:/Program Files/adobe/Flash Media Sedrver 3/conf
  and then type the users command there,
  for example if you want to add a user named "joe" and his
  password will be "1234" you will type the following at the comand
  prompt
  users add -u joe -p 1234

• FMS 4.02 64-bit - how to install the authentication add-in?

  The FMS_auth_addin_win_v3.msi insists to put the files into C:\Program Files (x86)\Adobe\Flash Media Server 4\conf but the server is installed in C:\Program Files\Adobe\Flash Media Server 4. I nuked all the Abobe content in the 32 bit area, but it keeps re-installing it there.
  The server used to run 32-bit FMS 3.5, but since we upgraded, I can't get the authentication addin to work. Can I just copy the thing over?

  I installed it on my test server (same OS, FMS 4.02 64-bit dev server, but just a single network card and no data center firewalls) - works like a charm there.
  the dat file on the big server looks ok (proper user name in there, and then some password hash salad for both names I added.
  The test system also runs on port 2222, so that's not the issue.
  so I stopped services, uninstalled, reinstalled, added users again, and tried it again. only to get the same error.
  Connection rejected by server. Reason : [ AccessManager.Reject ] : [ authmod=adobe ] : ?reason=needauth&user=pburke&salt=TSYAAA==&challenge=tiYAAA==&opaque=tiYAAA==
  Then I got curious and looked into the event log of the server that acctually worked - and there's the very same error message! I double checked - connected successfully again, and at the very same time I get that error in the log for the session that works!
  so - a) error generated when there is no error, and b) one system lets me stream, the other doesn't (most likely our hardware firewall - I need to know ports to open. Right now we only allow 1935 and 80 for that IP

• How to install authentication add on ams linux

  do any one know the correct way to install the auth add on for adobe media server on linux box

  Hi there
  No doubt SOMEBODY does. But it's doubtful you will find them here, as this is a sub forum for Adobe Captivate. You might try again by clicking the link below and locating a forum that appears to match the product you are using.
  Click here to view
  Best of luck to you in resolving your issue! Rick

• Can't add user name in Flash Media Server Authentication Add-in

  when i enter the following commend
  users add -u username -p password
  it returned the following error
  users: invalid option -- u
  please help me

  to add users in linux
  ./users add -u username -p userpassword
  for installation
  ./installSAA --force if u have old install,
  for fresh install
  upload auth install zip file
  run in ssh
  unzip filename.zip
  ./installSAA

• Authentication on FMS 3.0.1

  Ok,
  I have a windows server(2003) with FMS 3.01 and already installed Authentication Add-in (3)... Already open' up a command prompt and added users using users.exe ($ROOT/conf) and checking them after, but when i go and publish something with FMLE 3, it still doesn't promp for a user and pass login.
  Restarted the server and everything else, and nothing seems to work!
  I'm new in FMS and my english is not that good, but if someone can help, i appreciate!
  Thanks!

  Hi greglopes,
  Its already out - you can upgrade to 3.0.6 - http://www.adobe.com/support/flashmediaserver/downloads_updaters.html - This update has fixed this security issue

• WLC+LAP+ACS4.0 achieving 802.1x PEAP and MAC address authentication ?

  How to configure WLC + LAP + ACS4.0, achieving username and password authentication and MAC address at the same time

  This might help with the PEAP:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml
  MAC Authentication
  Add a MAC Address to ACS
  Complete these steps:
  1. From the ACS main menu, click on the User Setup button.
  2. In the User text box, enter the MAC address to add to the user database.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  3. On the User Setup screen, enter the MAC address in the Secure-PAP password text box.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  4. Check the Separate (CHAP/MS-CHAP) box.
  5. Enter a password for CHAP/MS-CHAP (this password should be different from the MAC address).
  6. Click Submit.

• FMS 3.5 Authentification Add-In

  Hey everyone,
  So I have a FMS 3.5, which I want to do live streams. The thing is I want several different people to be able to do the live broadcast, and I would like the server locked down at least a little and not allow anyone that wants to, to start a broadcast.
  With that said, I have FMS 3.5 installed, and I installed the Authentificaiton Add-In (3.0). I added a user to the authentification add-in, but it's still doesn't require a username / password, doesn't even prompt me.
  Is there a setting / config I have to set to enable this?

  Follow this link
  http://help.adobe.com/en_US/FlashMediaEncoder/2.5/help.html?content=config_automate_33.htm l this tells how to configure Flash Media Encoder 2.5 Authentication Add-in.
  After installing Authentication Add-in open command prompt go to FMS installed directory and then go to conf directory and use following commands to create user and check it :
  C:\Program Files\Adobe\Flash Media Server 3.5\conf> users add -u <username> -p <password>
  Operation Successful:  New user entry added.
  C:\Program Files\Adobe\Flash Media Server 3.5\conf> users check -u <username> -p <password>
  Operation Successful:  Username and password match.
  You will be prompted for username/password on FMLE side which is used to publish to FMS and not on FMS side.
  I hope this will be useful. If still getting problems provide some other details like which FMLE and Authentication module you are using.
  Regards,
  Amit

• How to get params in FMS auth add-in(plugin)?

  I CONNECT to fms in swf-file, like below:
  nc.connect(rtmp,param1,param2);
  I know that I could get the params in ASC file. with application.onConnection
  and now,I wanna to get the params in fms Authentication Add-in,How to do?please.
  thanx... ^^

  The easiest way is to use the Status-4-Evar add-on. With it you can choose to not display any of the status messages, or display them in the add-ons bar or location bar instead.
  https://addons.mozilla.org/firefox/addon/status-4-evar

• An unexpected error has been detected by HotSpot Virtual Machine:

  Hi
  When I upload the xml file with dubug window.
  When I have debug then this message will come..
  So give me a solution..
  Here at below I have pasted files. in which I want to by pass the ldap..
  So give me suggestion what to do with that files.
  What's wrong with that file ?
  Jiten
  18 Oct 2007 17:02:09 0 INFO [main] security.SecurityUtil - SecurityUtil.login: Called with [email protected]; password=[C@1797795; sourceIpAddress=192.168.5.14; weblogin=false; realm=null
  18 Oct 2007 17:02:09 16    INFO  [main] security.SecurityUtil - login: start login: username: [email protected]
  18 Oct 2007 17:02:09 125 INFO [main] BOOT - -- boot log messages -->
  [BOOT] INFO: Loading OJB's properties: file:/C:/LMS/gsnx/deploy/webapp/gsnx.ear/webapp.war/WEB-INF/classes/OJB.properties
  [BOOT] WARN: Can't read logging properties file using path 'OJB-logging.properties', message is:
  C:\LMS\gsnx\OJB-logging.properties (The system cannot find the file specified)
  Will try to load logging properties from OJB.properties file
  [BOOT] INFO: Logging: Found 'log4j.properties' file, use class org.apache.ojb.broker.util.logging.Log4jLoggerImpl
  [BOOT] INFO: Log4J is already configured, will not search for log4j properties file
  18 Oct 2007 17:02:12 3282 INFO [main] security.SecurityUtil - SecurityUtil.login: Calling authentication with [email protected]; password=[C@1797795; realm=null
  # An unexpected error has been detected by HotSpot Virtual Machine:
  #  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d85c14f, pid=4032, tid=3260
  # Java VM: Java HotSpot(TM) Client VM (1.5.0_11-b03 mixed mode)
  # Problematic frame:
  # V  [jvm.dll+0x11c14f]
  # An error report file with more information is saved as hs_err_pid4032.log
  # If you would like to submit a bug report, please visit:
  # http://java.sun.com/webapps/bugreport/crash.jsp
  Here :This is my login.config file..
  * Copyright (c) 2003-2005 E2open Inc. All rights reserved.
  * gnsx security configuration file
  * Note:
  * 1. At installation time, java.security file in your jre's lib/security/ directory should
  * be edited add the following line (ganx.home} is the home directory of gsnx install
  * login.config.url.1=file:{gsnx.home}/conf/login.config
  * 2. Edit this file to replace ldap-url with the correct url for your
  * LoginModule configuration.
  * @version $Id: login.config,v 1.8 2006/02/04 18:38:11 vgeorge Exp $
  gsnx.security.Login
  * LdapLoginModule Options:
  * ldap-url - LDAP connection URL, such as ldap://localhost:389
  * e.g. ldap-url="ldap://192.168.31.63:389"
  * dn-mask - The DN mask for user. The number 0 refers to the parameter
  * number for username. If this is specified then user search is ingored.
  * **This option is DEPRECATED**.
  * e.g. dn-mask="cn={0},ou=People,dc=gsnx,dc=com"
  * initialContextFactory - Class name of the initial context factory
  * e.g. initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  * connection-username - The DN used by the login module itself for authentication to
  * the directory server.
  * e.g. connection-username="uid=admin,ou=system"
  * connection-password - Password that is used by the login module to authenticate
  * itself to the directory server
  * e.g. connection-password="password"
  * connectionProtocol - The security protocol to use. This value is determined by the
  * service provider. An example would be SSL.
  * e.g. connectionProtocol="ldap"
  * authentication - The security level to use. Its value is one of the following
  * strings: "none", "simple", "strong".
  * e.g. authentication="simple"
  * user-search-base - the base DN for the user search
  * e.g. user-search-base="ou=users,ou=system"
  * user-search-pattern - filter specification how to search for the user object.
  * RFC 2254 filters are allowed. For example: (uid=user1). To parameterize the value
  * of the CN attribute type, specify (uid = {0}). The number 0 refers to the parameter
  * number for username. This query must return exactly one object.
  * e.g. user-search-pattern="uid={0}"
  * user-search-scope-subtree - Directory search scope for the user (ture | false)
  * ture - directory search scope is SUBTREE
  * false - directory search scope is ONE-LEVEL
  * e.g. user-search-scope-subtree="true"
  * user-password-changepw-gsnx-handler - hander to change password
  * If this handler is not specified, the change password feature will not be available
  * if "com.gsnx.core.server.security.LdapLoginModule", is used the the
  * option - user-password-attribute is required.
  * e.g. user-password-changepw-gsnx-handler="com.gsnx.core.server.security.LdapLoginModule"
  * user-password-attribute - attribute in LDAP that stores the user password
  * If this is not specified, the change password feature will not be work
  * when "com.gsnx.core.server.security.LdapLoginModule", is used as
  * user-password-changepw-gsnx-handler
  * e.g. user-password-attribute="userPassword"
  * role-search-base - The base DN for the group membership search
  * e.g. role-search-base="ou=groups,ou=system"
  * role-name-attribute - LDAP attribute type that identifies group name attribute in the object
  * returned from the group membership query. The group membership query is defined
  * by the role-search-pattern parameter. Typically the group name parameter is "cn".
  * e.g. role-name="cn"
  * role-search-pattern - The filter specification how to search for the role object.
  * RFC 2254 filters are allowed. For example: (uniqueMember = {0}). The number 0
  * refers refers to the DN of the authenticated user. Note that if role membership
  * for the user is defined in the member-of-like attribute (see user-role-name
  * parameter) you may not need to search for group membership with the query.
  * e.g. role-search-pattern="(uniqueMember={0})"
  * role-search-scope-subtree - Directory search scope for the role (ture | false).
  * ture - directory search scope is SUBTREE
  * false - directory search scope is ONE-LEVEL
  * e.g. role-search-scope-subtree="false"
  * user-role-attribute - LDAP attribute type for the user group membership. Different LDAP
  * schemas represent user group membership in different ways such as memberOf,
  * isMemberOf, member, etc. Values of these attributes are identifiers of groups that
  * a user is a member of. For example, if you have: memberOf: cn=admin,ou=groups,dc=gsnx,
  * specify "memberOf" as the value for the user-role-name attribute. Be aware of the
  * relationship between this parameter and group membership query. Typically
  * they will return the same data.
  * e.g. user-role-name="memberOf"
  * ldap://ldap-qa.dev.e2open.com:389
  * ldap://192.168.31.63:389
  com.gsnx.core.server.security.PassthruLoginModule required
  *com.gsnx.core.server.security.LdapLoginModule required
  initial-context-factory="com.sun.jndi.ldap.LdapCtxFactory"
  ldap-url="ldap://ldap-qa.dev.e2open.com:389"
  connection-username="cn=Manager,dc=gsnx,dc=com"
  connection-password="slapface"
  connection-protocol="ldap"
  authentication="simple"
  user-search-base="dc=gsnx,dc=com"
  user-search-pattern="cn={0}"
  user-search-scope-subtree="true"
  user-password-changepw-gsnx-handler="com.gsnx.core.server.security.PassthruLoginModule"
  user-password-attribute="userPassword"
  role-search-base=""
  role-name-attribute=""
  role-search-pattern=""
  role-search-scope-subtree=""
  user-role-attribute="";
  This is LoginConfig.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!-- The XML based JAAS login configuration read by the
  org.jboss.security.auth.login.XMLLoginConfig mbean. Add
  an application-policy element for each security domain.
  The outline of the application-policy is:
  <application-policy name="security-domain-name">
  <authentication>
  <login-module code="login.module1.class.name" flag="control_flag">
  <module-option name = "option1-name">option1-value</module-option>
  <module-option name = "option2-name">option2-value</module-option>
  </login-module>
  <login-module code="login.module2.class.name" flag="control_flag">
  </login-module>
  </authentication>
  </application-policy>
  $Revision: 1.12.2.2 $
  --><!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  <policy>
  <!-- Used by clients within the application server VM such as
  mbeans and servlets that access EJBs.
  -->
  <application-policy name="gsnx.security.Login">
  <authentication>
  <!-- <login-module code="com.gsnx.core.server.security.LdapLoginModule" flag="required">-->
  <login-module code="com.gsnx.core.server.security.PassthruLoginModule" flag="required">
  <module-option name="initial-context-factory">com.sun.jndi.ldap.LdapCtxFactory
  </module-option>
  <!--<module-option name="user-password-changepw-gsnx-handler">com.gsnx.core.server.security.LdapLoginModule-->
  <module-option name="user-password-changepw-gsnx-handler">com.gsnx.core.server.security.PassthruLoginModule
  </module-option>
  <!-- <module-option name="ldap-url">ldap://192.168.31.63:389</module-option> -->
  <!-- <module-option name="ldap-url">ldap://10.120.17.253:389</module-option> -->
  <module-option name="ldap-url">ldap://ldap-qa.dev.e2open.com:389</module-option>
  <module-option name="connection-username">cn=Manager,dc=gsnx,dc=com</module-option>
  <module-option name="connection-password">slapface</module-option>
  <module-option name="connection-protocol">ldap</module-option>
  <module-option name="authentication">simple</module-option>
  <module-option name="user-search-base">dc=gsnx,dc=com</module-option>
  <module-option name="user-search-pattern">cn={0}</module-option>
  <module-option name="user-search-scope-subtree">true</module-option>
  <module-option name="user-password-attribute"/>
  <module-option name="role-search-base"/>
  <module-option name="role-name-attribute"/>
  <module-option name="role-search-pattern"/>
  <module-option name="role-search-scope-subtree"/>
  <module-option name="user-role-attribute"/>
  </login-module>
  </authentication>
  </application-policy>
  <application-policy name="client-login">
  <authentication>
  <login-module code="org.jboss.security.ClientLoginModule" flag="required">
  </login-module>
  </authentication>
  </application-policy>
  <!-- Security domain for JBossMQ -->
  <application-policy name="jbossmq">
  <authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  <module-option name="unauthenticatedIdentity">guest</module-option>
  <module-option name="dsJndiName">java:/DefaultDS</module-option>
  <module-option name="principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
  <module-option name="rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <!-- Security domain for JBossMQ when using file-state-service.xml
  <application-policy name = "jbossmq">
  <authentication>
  <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
  flag = "required">
  <module-option name = "unauthenticatedIdentity">guest</module-option>
  <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
  </login-module>
  </authentication>
  </application-policy>
  -->
  <!-- Security domains for testing new jca framework -->
  <application-policy name="HsqlDbRealm">
  <authentication>
  <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
  <module-option name="principal">sa</module-option>
  <module-option name="userName">sa</module-option>
  <module-option name="password"/>
  <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <application-policy name="JmsXARealm">
  <authentication>
  <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
  <module-option name="principal">guest</module-option>
  <module-option name="userName">guest</module-option>
  <module-option name="password">guest</module-option>
  <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <!-- A template configuration for the jmx-console web application. This
  defaults to the UsersRolesLoginModule the same as other and should be
  changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="jmx-console">
  <authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
  <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
  <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <!-- A template configuration for the web-console web application. This
  defaults to the UsersRolesLoginModule the same as other and should be
  changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="web-console">
  <authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
  <module-option name="usersProperties">web-console-users.properties</module-option>
  <module-option name="rolesProperties">web-console-roles.properties</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <!-- A template configuration for the JBossWS web application (and transport layer!).
  This defaults to the UsersRolesLoginModule the same as other and should be
  changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="JBossWS">
  <authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
  <module-option name="unauthenticatedIdentity">anonymous</module-option>
  </login-module>
  </authentication>
  </application-policy>
  <!-- The default login configuration used by any security domain that
  does not have a application-policy entry with a matching name
  -->
  <application-policy name="other">
  <!-- A simple server login module, which can be used when the number
  of users is relatively small. It uses two properties files:
  users.properties, which holds users (key) and their password (value).
  roles.properties, which holds users (key) and a comma-separated list of
  their roles (value).
  The unauthenticatedIdentity property defines the name of the principal
  that will be used when a null username and password are presented as is
  the case for an unuathenticated web client or MDB. If you want to
  allow such users to be authenticated add the property, e.g.,
  unauthenticatedIdentity="nobody"
  -->
  <authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication>
  </application-policy>
  </policy>
  This is : java.security
  # This is the "master security properties file".
  # In this file, various security properties are set for use by
  # java.security classes. This is where users can statically register
  # Cryptography Package Providers ("providers" for short). The term
  # "provider" refers to a package or set of packages that supply a
  # concrete implementation of a subset of the cryptography aspects of
  # the Java Security API. A provider may, for example, implement one or
  # more digital signature algorithms or message digest algorithms.
  # Each provider must implement a subclass of the Provider class.
  # To register a provider in this master security properties file,
  # specify the Provider subclass name and priority in the format
  # security.provider.<n>=<className>
  # This declares a provider, and specifies its preference
  # order n. The preference order is the order in which providers are
  # searched for requested algorithms (when no specific provider is
  # requested). The order is 1-based; 1 is the most preferred, followed
  # by 2, and so on.
  # <className> must specify the subclass of the Provider class whose
  # constructor sets the values of various properties that are required
  # for the Java Security API to look up the algorithms or other
  # facilities implemented by the provider.
  # There must be at least one provider specification in java.security.
  # There is a default provider that comes standard with the JDK. It
  # is called the "SUN" provider, and its Provider subclass
  # named Sun appears in the sun.security.provider package. Thus, the
  # "SUN" provider is registered via the following:
  # security.provider.1=sun.security.provider.Sun
  # (The number 1 is used for the default provider.)
  # Note: Statically registered Provider subclasses are instantiated
  # when the system is initialized. Providers can be dynamically
  # registered instead by calls to either the addProvider or
  # insertProviderAt method in the Security class.
  # List of providers and their preference orders (see above):
  security.provider.1=sun.security.provider.Sun
  security.provider.2=sun.security.rsa.SunRsaSign
  security.provider.3=com.sun.net.ssl.internal.ssl.Provider
  security.provider.4=com.sun.crypto.provider.SunJCE
  security.provider.5=sun.security.jgss.SunProvider
  security.provider.6=com.sun.security.sasl.Provider
  # Select the source of seed data for SecureRandom. By default an
  # attempt is made to use the entropy gathering device specified by
  # the securerandom.source property. If an exception occurs when
  # accessing the URL then the traditional system/thread activity
  # algorithm is used.
  # On Solaris and Linux systems, if file:/dev/urandom is specified and it
  # exists, a special SecureRandom implementation is activated by default.
  # This "NativePRNG" reads random bytes directly from /dev/urandom.
  # On Windows systems, the URLs file:/dev/random and file:/dev/urandom
  # enables use of the Microsoft CryptoAPI seed functionality.
  securerandom.source=file:/dev/urandom
  # The entropy gathering device is described as a URL and can also
  # be specified with the system property "java.security.egd". For example,
  # -Djava.security.egd=file:/dev/urandom
  # Specifying this system property will override the securerandom.source
  # setting.
  # Class to instantiate as the javax.security.auth.login.Configuration
  # provider.
  login.configuration.provider=com.sun.security.auth.login.ConfigFile
  # Default login configuration file
  login.config.url.1=C:\LMS\gsnx\core\src\conf\login.config
  # Class to instantiate as the system Policy. This is the name of the class
  # that will be used as the Policy object.
  policy.provider=sun.security.provider.PolicyFile
  # The default is to have a single system-wide policy file,
  # and a policy file in the user's home directory.
  policy.url.1=file:${java.home}/lib/security/java.policy
  policy.url.2=file:${user.home}/.java.policy
  # whether or not we expand properties in the policy file
  # if this is set to false, properties (${...}) will not be expanded in policy
  # files.
  policy.expandProperties=true
  # whether or not we allow an extra policy to be passed on the command line
  # with -Djava.security.policy=somefile. Comment out this line to disable
  # this feature.
  policy.allowSystemProperty=true
  # whether or not we look into the IdentityScope for trusted Identities
  # when encountering a 1.1 signed JAR file. If the identity is found
  # and is trusted, we grant it AllPermission.
  policy.ignoreIdentityScope=false
  # Default keystore type.
  keystore.type=jks
  # Class to instantiate as the system scope:
  system.scope=sun.security.provider.IdentityDatabase
  # List of comma-separated packages that start with or equal this string
  # will cause a security exception to be thrown when
  # passed to checkPackageAccess unless the
  # corresponding RuntimePermission ("accessClassInPackage."+package) has
  # been granted.
  package.access=sun.
  # List of comma-separated packages that start with or equal this string
  # will cause a security exception to be thrown when
  # passed to checkPackageDefinition unless the
  # corresponding RuntimePermission ("defineClassInPackage."+package) has
  # been granted.
  # by default, no packages are restricted for definition, and none of
  # the class loaders supplied with the JDK call checkPackageDefinition.
  #package.definition=
  # Determines whether this properties file can be appended to
  # or overridden on the command line via -Djava.security.properties
  security.overridePropertiesFile=true
  # Determines the default key and trust manager factory algorithms for
  # the javax.net.ssl package.
  ssl.KeyManagerFactory.algorithm=SunX509
  ssl.TrustManagerFactory.algorithm=PKIX
  # Determines the default SSLSocketFactory and SSLServerSocketFactory
  # provider implementations for the javax.net.ssl package. If, due to
  # export and/or import regulations, the providers are not allowed to be
  # replaced, changing these values will produce non-functional
  # SocketFactory or ServerSocketFactory implementations.
  #ssl.SocketFactory.provider=
  #ssl.ServerSocketFactory.provider=
  # The Java-level namelookup cache policy for successful lookups:
  # any negative value: caching forever
  # any positive value: the number of seconds to cache an address for
  # zero: do not cache
  # default value is forever (FOREVER). For security reasons, this
  # caching is made forever when a security manager is set.
  # NOTE: setting this to anything other than the default value can have
  # serious security implications. Do not set it unless
  # you are sure you are not exposed to DNS spoofing attack.
  #networkaddress.cache.ttl=-1
  # The Java-level namelookup cache policy for failed lookups:
  # any negative value: cache forever
  # any positive value: the number of seconds to cache negative lookup results
  # zero: do not cache
  # In some Microsoft Windows networking environments that employ
  # the WINS name service in addition to DNS, name service lookups
  # that fail may take a noticeably long time to return (approx. 5 seconds).
  # For this reason the default caching policy is to maintain these
  # results for 10 seconds.
  networkaddress.cache.negative.ttl=10
  # Properties to configure OCSP for certificate revocation checking
  # Enable OCSP
  # By default, OCSP is not used for certificate revocation checking.
  # This property enables the use of OCSP when set to the value "true".
  # NOTE: SocketPermission is required to connect to an OCSP responder.
  # Example,
  # ocsp.enable=true
  # Location of the OCSP responder
  # By default, the location of the OCSP responder is determined implicitly
  # from the certificate being validated. This property explicitly specifies
  # the location of the OCSP responder. The property is used when the
  # Authority Information Access extension (defined in RFC 3280) is absent
  # from the certificate or when it requires overriding.
  # Example,
  # ocsp.responderURL=http://ocsp.example.net:80
  # Subject name of the OCSP responder's certificate
  # By default, the certificate of the OCSP responder is that of the issuer
  # of the certificate being validated. This property identifies the certificate
  # of the OCSP responder when the default does not apply. Its value is a string
  # distinguished name (defined in RFC 2253) which identifies a certificate in
  # the set of certificates supplied during cert path validation. In cases where
  # the subject name alone is not sufficient to uniquely identify the certificate
  # then both the "ocsp.responderCertIssuerName" and
  # "ocsp.responderCertSerialNumber" properties must be used instead. When this
  # property is set then those two properties are ignored.
  # Example,
  # ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
  # Issuer name of the OCSP responder's certificate
  # By default, the certificate of the OCSP responder is that of the issuer
  # of the certificate being validated. This property identifies the certificate
  # of the OCSP responder when the default does not apply. Its value is a string
  # distinguished name (defined in RFC 2253) which identifies a certificate in
  # the set of certificates supplied during cert path validation. When this
  # property is set then the "ocsp.responderCertSerialNumber" property must also
  # be set. When the "ocsp.responderCertSubjectName" property is set then this
  # property is ignored.
  # Example,
  # ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
  # Serial number of the OCSP responder's certificate
  # By default, the certificate of the OCSP responder is that of the issuer
  # of the certificate being validated. This property identifies the certificate
  # of the OCSP responder when the default does not apply. Its value is a string
  # of hexadecimal digits (colon or space separators may be present) which
  # identifies a certificate in the set of certificates supplied during cert path
  # validation. When this property is set then the "ocsp.responderCertIssuerName"
  # property must also be set. When the "ocsp.responderCertSubjectName" property
  # is set then this property is ignored.
  # Example,
  # ocsp.responderCertSerialNumber=2A:FF:00

  user564785 wrote:
  I am trying to installl Oracle 11gR2 on VM machine with Redhat Linux 6-64bit. That is a Oracle database problem. Even though the Oracle product uses java it still represents a problem with that product (Oracle) rather than java. So you need to start with an Oracle database forum.