karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Tran <dant...@gmail.com>
Subject Re: Turn off karaf jmx authentication
Date Thu, 07 Jul 2011 01:43:04 GMT
David,

you seems to be well verse of karaf JMX, could you give me advice on
https://issues.apache.org/jira/browse/KARAF-541??

-Dan

On Wed, Jul 6, 2011 at 5:49 PM, David Jencks <david_jencks@yahoo.com> wrote:
> I think it might be a good idea to have a flag whose name clearly identifies what kind
of auth will be used, e.g.
>
> jmxAuthentication=<UserPassword|ClientCert>
>
> I'd expect to be confused otherwise.
>
> thanks
> david jencks
>
> On Jul 6, 2011, at 4:01 PM, Dan Tran wrote:
>
>> I meant o.a.k.management.cfg's jmxRealm field
>>
>> -D
>>
>> On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran <dantran@gmail.com> wrote:
>>> My be I can enhance o.a.k.management to disable user/pass
>>> authentication if the 'realm' field is empty?
>>>
>>> -D
>>>
>>> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks <david_jencks@yahoo.com> wrote:
>>>> Hi Dan,
>>>>
>>>> I was thinking about this too recently.... geronimo has pretty much the same
code for user/pw jmx auth and also client cert auth.  Geronimo's user/pw code is slightly
more functional than karaf's in that it provides logout functionality.  At the moment it
is not controlled by config admin.
>>>>
>>>> If you'd like to take a look and repurpose the geronimo code its at
>>>>
>>>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting
>>>>
>>>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specific.
 Basically you should take it out after using it as a guide for what to expose via config
admin.
>>>>
>>>> If I had time and were working on this :-) I would use Declarative Services
and write a component that depending on a flag in config admin would set up either the user/pw
jmx connector/authenticator or the client cert one, looking for different properties in config
admin for each.  It's presumably possible to do this with blueprint as well.
>>>>
>>>> hope this helps
>>>> david jencks
>>>>
>>>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote:
>>>>
>>>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL
>>>>> with client certificate.  But first, how do I turn off the normal
>>>>> user/password ( karaf/karaf ) authentication?
>>>>>
>>>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just
that.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> -Dan
>>>>
>>>>
>>>
>
>

Mime
View raw message