Return-Path: X-Original-To: apmail-karaf-user-archive@minotaur.apache.org Delivered-To: apmail-karaf-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E697261F2 for ; Wed, 6 Jul 2011 23:02:02 +0000 (UTC) Received: (qmail 12656 invoked by uid 500); 6 Jul 2011 23:02:02 -0000 Delivered-To: apmail-karaf-user-archive@karaf.apache.org Received: (qmail 12616 invoked by uid 500); 6 Jul 2011 23:02:02 -0000 Mailing-List: contact user-help@karaf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@karaf.apache.org Delivered-To: mailing list user@karaf.apache.org Received: (qmail 12608 invoked by uid 99); 6 Jul 2011 23:02:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jul 2011 23:02:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dantran@gmail.com designates 209.85.218.48 as permitted sender) Received: from [209.85.218.48] (HELO mail-yi0-f48.google.com) (209.85.218.48) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jul 2011 23:01:55 +0000 Received: by yic24 with SMTP id 24so260448yic.21 for ; Wed, 06 Jul 2011 16:01:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=HF3J1D2IT/YdZibujQKAoCbJ87X7xv/L53ZvKqYgbd4=; b=CtQzRo9BdMl9A//Uqoa4YFEq1TRMZA6Lr+jJLizXYdPR4eDH+icDaa52wcAAQBciID ZCgsX5T4u2ZV8rHdmVT3IGwIqL8hjjuCqvSyPO8yUGiLzDm6aV0984LrBL1bZHFp6AI9 CJ7+1/Lu5s8ZbgWkDrmjhqYByUsWi3bUv4Csg= MIME-Version: 1.0 Received: by 10.150.235.11 with SMTP id i11mr393131ybh.163.1309993293185; Wed, 06 Jul 2011 16:01:33 -0700 (PDT) Received: by 10.150.148.6 with HTTP; Wed, 6 Jul 2011 16:01:33 -0700 (PDT) In-Reply-To: References: <8AAB5393-650D-4A15-BAD8-26DC10026ECE@yahoo.com> Date: Wed, 6 Jul 2011 16:01:33 -0700 Message-ID: Subject: Re: Turn off karaf jmx authentication From: Dan Tran To: user@karaf.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I meant o.a.k.management.cfg's jmxRealm field -D On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran wrote: > My be I can enhance o.a.k.management to disable user/pass > authentication if the 'realm' field is empty? > > -D > > On Wed, Jul 6, 2011 at 2:53 PM, David Jencks wro= te: >> Hi Dan, >> >> I was thinking about this too recently.... geronimo has pretty much the = same code for user/pw jmx auth and also client cert auth. =C2=A0Geronimo's = user/pw code is slightly more functional than karaf's in that it provides l= ogout functionality. =C2=A0At the moment it is not controlled by config adm= in. >> >> If you'd like to take a look and repurpose the geronimo code its at >> >> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules= /geronimo-jmx-remoting >> >> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specif= ic. =C2=A0Basically you should take it out after using it as a guide for wh= at to expose via config admin. >> >> If I had time and were working on this :-) I would use Declarative Servi= ces and write a component that depending on a flag in config admin would se= t up either the user/pw jmx connector/authenticator or the client cert one,= looking for different properties in config admin for each. =C2=A0It's pres= umably possible to do this with blueprint as well. >> >> hope this helps >> david jencks >> >> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote: >> >>> Hi I am in the process of getting my Karaf's JMX to accept only SSL >>> with client certificate. =C2=A0But first, how do I turn off the normal >>> user/password ( karaf/karaf ) authentication? >>> >>> the etc/o.a.k.management.cfg does not seem to provide a way to do just = that. >>> >>> Thanks >>> >>> >>> -Dan >> >> >