Subject: Re: Turn off karaf jmx authentication
From: David Jencks
Date: Wed, 6 Jul 2011 17:49:56 -0700
To: user@karaf.apache.org

I think it might be a good idea to have a flag whose name clearly identifies what kind of auth will be used, e.g. jmxAuthentication= I'd expect to be confused otherwise.

thanks
david jencks

On Jul 6, 2011, at 4:01 PM, Dan Tran wrote:

> I meant o.a.k.management.cfg's jmxRealm field
>
> -D
>
> On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran wrote:
>> Maybe I can enhance o.a.k.management to disable user/pass
>> authentication if the 'realm' field is empty?
>>
>> -D
>>
>> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks wrote:
>>> Hi Dan,
>>>
>>> I was thinking about this too recently.... geronimo has pretty much the same code for user/pw jmx auth and also client cert auth. Geronimo's user/pw code is slightly more functional than karaf's in that it provides logout functionality. At the moment it is not controlled by config admin.
>>>
>>> If you'd like to take a look and repurpose the geronimo code it's at
>>>
>>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting
>>>
>>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specific. Basically you should take it out after using it as a guide for what to expose via config admin.
>>>
>>> If I had time and were working on this :-) I would use Declarative Services and write a component that depending on a flag in config admin would set up either the user/pw jmx connector/authenticator or the client cert one, looking for different properties in config admin for each. It's presumably possible to do this with blueprint as well.
>>>
>>> hope this helps
>>> david jencks
>>>
>>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote:
>>>
>>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL
>>>> with client certificate. But first, how do I turn off the normal
>>>> user/password ( karaf/karaf ) authentication?
>>>>
>>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just that.
>>>>
>>>> Thanks
>>>>
>>>>
>>>> -Dan
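
The flag-driven setup discussed in this thread, sketched with the standard JDK JMX remoting API as an added example; it is not code from Karaf or Geronimo. The class name, the `jmxAuthentication` values `password` and `clientcert`, and the `jaasRealm` parameter are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class JmxAuthEnv {
    // mode: value of a hypothetical jmxAuthentication property. Anything else fails closed.
    public static Map<String, Object> build(String mode, String jaasRealm) {
        Map<String, Object> env = new HashMap<>();
        if ("clientcert".equals(mode)) {
            // needClientAuth=true: the TLS handshake fails without a trusted client certificate.
            env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
                    new SslRMIServerSocketFactory(null, null, true));
            env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
                    new SslRMIClientSocketFactory());
        } else if ("password".equals(mode)) {
            env.put(JMXConnectorServer.AUTHENTICATOR, jaasAuthenticator(jaasRealm));
        } else {
            throw new IllegalArgumentException("unsupported jmxAuthentication: " + mode);
        }
        return env;
    }
    // User/password check delegated to a JAAS realm (assumed to be configured elsewhere).
    static JMXAuthenticator jaasAuthenticator(String realm) {
        return credentials -> {
            String[] up = credentials instanceof String[] ? (String[]) credentials : null;
            if (up == null || up.length != 2 || up[0] == null || up[1] == null) {
                throw new SecurityException("expected {user, password}");
            }
            CallbackHandler handler = callbacks -> {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(up[0]);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(up[1].toCharArray());
                }
            };
            try {
                LoginContext lc = new LoginContext(realm, handler);
                lc.login();
                return lc.getSubject();
            } catch (LoginException e) {
                throw new SecurityException("authentication failed", e);
            }
        };
    }
}
```

The returned map is the environment passed to `JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbeanServer)`. The client-certificate path relies on the JVM's `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` settings.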