Default Security Configuration
10.1. Post Installation Security Configuration When installed from the zip archive, authentication is required to access the majority of JBoss services, including administrative services. Consoles are secured by the JAAS security domain "jmx-console". At installation this security domain has no user accounts. This is to eliminate the possibility of default username/password based attacks. Refer to Procedure 10.1, “Create jmx-console, admin-console, and http invoker user account� to create a user account to access the consoles. To disable authentication (useful for development, but not recommended for production), refer to Appendix A, Disabling Authentication. When installed via the graphical installer, a JAAS security domain and a user account is created as part of the install process. Even if you change the name of the JAAS security domain during installation, the users are stored in the same place. Follow the instructions in Procedure 10.1, “Create jmx-console, admin-console, and http invoker user account� to edit your user account, or create a new one.