Securing the Administration Console, JMX server, and deployer
Access to the Administration Console, JMX server, and deployer is controlled by using the default security realm geronimo-admin. This realm uses the <GERONIMO_HOME>/var/security/users.properties file to store usernames and passwords, and the <GERONIMO_HOME>/var/security/groups.properties file to store group information for users. By default, this realm has one user, system, with a password of manager, and belonging to the admin group. Any user belonging to the admin group will have access to the Admininistration Console, JMX server, and deployer. The default credentials can be changed in the following ways:
Edit the <GERONIMO_HOME>/var/security/users.properties file. The format of this file is one entry per line, in the form 'username=password'.
Users and Groups portlet: Access this portlet in the Administration Console by using the user system and password manager to log in, and change the password for user system by clicking on the Edit link, as shown in the following screenshot:
Make sure that access to users.properties and groups.properties is controlled by using OS provided security features.