cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philip Thompson (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-9333) Edge case - Empty of blank password for JMX authentication not handled properly in nodetool commands
Date Fri, 08 May 2015 14:15:00 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-9333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Philip Thompson updated CASSANDRA-9333:
---------------------------------------
    Fix Version/s: 2.1.x

> Edge case - Empty of blank password for JMX authentication not handled properly in nodetool
commands
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-9333
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9333
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core, Tools
>         Environment: Apache Cassandra 2.1.2
>            Reporter: Sumod Pawgi
>            Priority: Minor
>              Labels: security
>             Fix For: 2.1.x
>
>
> While setting up JMX authentication for Apache Cassandra, if we set the password blank
(in the file - jmxremote.password), nodetool commands do not work
> example creds are cassandra cassandra. In this case, for a secured cluster, we run the
nodetool command as - nodetool -u cassandra -pw cassandra status
> But if the password is kept as blank then we cannot execute nodetool command. 
> However, I believe that if a third party software used JMX authentication via API, then
they can use blank password for the operations. So this behavior needs to be clarified and
be consistent for this edge case scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message