Return-Path: X-Original-To: apmail-karaf-dev-archive@minotaur.apache.org Delivered-To: apmail-karaf-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 66320100C2 for ; Wed, 20 Nov 2013 14:56:41 +0000 (UTC) Received: (qmail 43058 invoked by uid 500); 20 Nov 2013 14:56:41 -0000 Delivered-To: apmail-karaf-dev-archive@karaf.apache.org Received: (qmail 42884 invoked by uid 500); 20 Nov 2013 14:56:35 -0000 Mailing-List: contact dev-help@karaf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@karaf.apache.org Delivered-To: mailing list dev@karaf.apache.org Received: (qmail 42782 invoked by uid 99); 20 Nov 2013 14:56:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Nov 2013 14:56:32 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [217.70.183.195] (HELO relay3-d.mail.gandi.net) (217.70.183.195) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Nov 2013 14:56:25 +0000 Received: from mfilter2-d.gandi.net (mfilter2-d.gandi.net [217.70.178.140]) by relay3-d.mail.gandi.net (Postfix) with ESMTP id 574DBA80C4 for ; Wed, 20 Nov 2013 15:56:05 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mfilter2-d.gandi.net Received: from relay3-d.mail.gandi.net ([217.70.183.195]) by mfilter2-d.gandi.net (mfilter2-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024) with ESMTP id 04qraRfW44G8 for ; Wed, 20 Nov 2013 15:56:03 +0100 (CET) X-Originating-IP: 82.238.224.4 Received: from [192.168.134.15] (bre91-1-82-238-224-4.fbx.proxad.net [82.238.224.4]) (Authenticated sender: jb@nanthrax.net) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 8EF26A80EE for ; Wed, 20 Nov 2013 15:56:03 +0100 (CET) Message-ID: <528CCD7F.7090306@nanthrax.net> Date: Wed, 20 Nov 2013 15:55:59 +0100 From: =?ISO-8859-1?Q?Jean-Baptiste_Onofr=E9?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: dev@karaf.apache.org Subject: Re: Toward Karaf 3.0.0 References: <525419A5.1030103@nanthrax.net> <526512B2.6050401@nanthrax.net> <5265C694.8070507@nanthrax.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org I checked in bin/karaf and bin/karaf.bat, and actually, in both, JMX=20 RBAC are disabled by default (the test is just different on Windows and=20 Unix). Regards JB On 11/20/2013 02:51 PM, David Bosschaert wrote: > I noticed that to address this an environment variable was introduced > for the scripts that can be set to enable/disable JMX RBAC. However > when looking at it I noticed that the default is different on Windows > and Unix. > > Currently, on Unix the default is to have JMX RBAC enabled (when the > $KARAF_ACL is not set), however on Windows the default is to have JMX > RBAC disabled (when %KARAF_ACL% is not set). > Any reason why they are different? > > And what do we want the default to be? > I would personally say that it's better to have the more secure > default, which is to have JMX RBAC enabled. > > Best regards, > > David > > On 22 October 2013 01:28, Jean-Baptiste Onofr=E9 wrot= e: >> Thanks for your comment David, it's what I suspected. >> >> I will at least update the documentation to explain this point to the = users. >> >> Regards >> JB >> >> >> On 10/21/2013 01:56 PM, David Bosschaert wrote: >>> >>> I left a comment on KARAF-2506 >>> >>> With the new RBAC for JMX you need to be logged in as a user which >>> needs some roles in order to get access to anything. So if you simply >>> attach via JConsole to the local process it will show everything as >>> unavailable. >>> >>> When you log in using the Remote Process mechanism from JConsole (i.e= . >>> via a URL like this: >>> service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-roo= t) >>> and provide username and password, it should all work... >>> >>> Cheers, >>> >>> David >>> >>> On 21 October 2013 12:40, Jean-Baptiste Onofr=E9 wr= ote: >>>> >>>> Hi guys, >>>> >>>> just a quick update about that. >>>> >>>> I gonna commit the Aries Blueprint CM update: I tested locally, it l= ooks >>>> good to me. >>>> >>>> One blocking issue should be fixed: >>>> https://issues.apache.org/jira/browse/KARAF-2506 >>>> >>>> We can not release a Karaf version with a JMX layer that doesn't rea= lly >>>> work. >>>> >>>> I gonna take a look on that today. >>>> >>>> >>>> Regards >>>> JB >>>> >>>> On 10/08/2013 04:41 PM, Jean-Baptiste Onofr=E9 wrote: >>>>> >>>>> >>>>> Hi all, >>>>> >>>>> Thanks to Dan, we got the Aries release required for Karaf 3.0.0. >>>>> I'm upgrading on Karaf trunk. >>>>> >>>>> I'm working on the latest mandatory improvement (KARAF-2496) now. >>>>> >>>>> So, today, I will: >>>>> - commit both blueprint upgrade and KARAF-2496 >>>>> - update Jira to add 3.0.1 version >>>>> - review the Jira and move to 3.0.1 >>>>> >>>>> I discussed with Jamie this morning, he's ready to cut off the 3.0.= 0 >>>>> release. >>>>> >>>>> I propose to prepare the release and vote for next Thursday (it giv= es >>>>> some time to latest fixes and tests tomorrow). >>>>> >>>>> WDYT ? >>>>> >>>>> Regards >>>>> JB >>>> >>>> >>>> >>>> -- >>>> Jean-Baptiste Onofr=E9 >>>> jbonofre@apache.org >>>> http://blog.nanthrax.net >>>> Talend - http://www.talend.com >> >> >> -- >> Jean-Baptiste Onofr=E9 >> jbonofre@apache.org >> http://blog.nanthrax.net >> Talend - http://www.talend.com --=20 Jean-Baptiste Onofr=E9 jbonofre@apache.org http://blog.nanthrax.net Talend - http://www.talend.com