karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Tran <dant...@gmail.com>
Subject Re: Turn off karaf jmx authentication
Date Wed, 06 Jul 2011 23:01:33 GMT
I meant o.a.k.management.cfg's jmxRealm field

-D

On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran <dantran@gmail.com> wrote:
> My be I can enhance o.a.k.management to disable user/pass
> authentication if the 'realm' field is empty?
>
> -D
>
> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks <david_jencks@yahoo.com> wrote:
>> Hi Dan,
>>
>> I was thinking about this too recently.... geronimo has pretty much the same code
for user/pw jmx auth and also client cert auth.  Geronimo's user/pw code is slightly more
functional than karaf's in that it provides logout functionality.  At the moment it is not
controlled by config admin.
>>
>> If you'd like to take a look and repurpose the geronimo code its at
>>
>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting
>>
>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specific.  Basically
you should take it out after using it as a guide for what to expose via config admin.
>>
>> If I had time and were working on this :-) I would use Declarative Services and write
a component that depending on a flag in config admin would set up either the user/pw jmx connector/authenticator
or the client cert one, looking for different properties in config admin for each.  It's
presumably possible to do this with blueprint as well.
>>
>> hope this helps
>> david jencks
>>
>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote:
>>
>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL
>>> with client certificate.  But first, how do I turn off the normal
>>> user/password ( karaf/karaf ) authentication?
>>>
>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just that.
>>>
>>> Thanks
>>>
>>>
>>> -Dan
>>
>>
>

Mime
View raw message