karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Turn off karaf jmx authentication
Date Thu, 07 Jul 2011 00:49:56 GMT
I think it might be a good idea to have a flag whose name clearly identifies what kind of auth
will be used, e.g.


I'd expect to be confused otherwise.

david jencks

On Jul 6, 2011, at 4:01 PM, Dan Tran wrote:

> I meant o.a.k.management.cfg's jmxRealm field
> -D
> On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran <dantran@gmail.com> wrote:
>> My be I can enhance o.a.k.management to disable user/pass
>> authentication if the 'realm' field is empty?
>> -D
>> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks <david_jencks@yahoo.com> wrote:
>>> Hi Dan,
>>> I was thinking about this too recently.... geronimo has pretty much the same
code for user/pw jmx auth and also client cert auth.  Geronimo's user/pw code is slightly
more functional than karaf's in that it provides logout functionality.  At the moment it is
not controlled by config admin.
>>> If you'd like to take a look and repurpose the geronimo code its at
>>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting
>>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specific. 
Basically you should take it out after using it as a guide for what to expose via config admin.
>>> If I had time and were working on this :-) I would use Declarative Services and
write a component that depending on a flag in config admin would set up either the user/pw
jmx connector/authenticator or the client cert one, looking for different properties in config
admin for each.  It's presumably possible to do this with blueprint as well.
>>> hope this helps
>>> david jencks
>>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote:
>>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL
>>>> with client certificate.  But first, how do I turn off the normal
>>>> user/password ( karaf/karaf ) authentication?
>>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just that.
>>>> Thanks
>>>> -Dan

View raw message