qpid-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Qpid > Configuring Management Users
Date Mon, 28 Nov 2011 13:41:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/21/_/styles/combined.css?spaceKey=qpid&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><s>Configuring Management Users</s></h2>
     <h4>Page <b>removed</b> by             <a href="https://cwiki.apache.org/confluence/display/~k-wall">keith
wall</a>
    </h4>
     <br/>
     <div class="notificationGreySide">
         <p>The Qpid Java broker has a single source of users for the system, so the same user
can connect to the broker to send messages and to the JMX console to check the state of the
broker.</p>

<p><a name="ConfiguringManagementUsers-addinguser"></a></p>
<h2><a name="ConfiguringManagementUsers-Addinganewmanagementuser"></a>Adding
a new management user</h2>

<p>The broker does have some minimal configuration available to limit which users can
connect to the JMX console and what they can do when they are there.</p>

<p>There are two steps required to add a new user with rights for the JMX console.</p>

<ol>
	<li>Create a new user login, see HowTo:<a href="/confluence/display/qpid/Add+New+Users"
title="Add New Users">Add New Users</a></li>
	<li>Grant the new user permission to the JMX Console</li>
</ol>



<h3><a name="ConfiguringManagementUsers-GrantingJMXConsolePermissions"></a>Granting
JMX Console Permissions</h3>

<p>By default new users do not have access to the JMX console. The access to the console
is controlled via the file <em>jmxremote.access</em>.</p>

<p>This file contains a mapping from user to privilege.</p>

<p>There are three privileges available:</p>
<ol>
	<li>readonly - The user is able to log in and view queues but not make any changes.</li>
	<li>readwrite - Grants the user the ability to read and write queue attributes such as alerting
values.</li>
	<li>admin - Grants the user full access, including the ability to edit Users and JMX Permissions,
in addition to readwrite access.</li>
</ol>


<p>This file is read at startup, and an admin user can force it to be reloaded through
the management console.</p>

<h3><a name="ConfiguringManagementUsers-AccessFileFormat"></a>Access File
Format</h3>
<p>The file is a standard Java properties file and has the following format:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>&lt;username&gt;=&lt;privilege&gt;
</pre>
</div></div>

<p>If the username value is not a valid user (one listed in the specified PrincipalDatabase)
then the broker will print a warning when it reads the file, as that entry will have no meaning.</p>

<p>Only when the username exists in both the access file and the PrincipalDatabase
password file will the user be able to log in via the JMX Console.</p>

<h4><a name="ConfiguringManagementUsers-ExampleFile"></a>Example File</h4>
<p>The file will be timestamped by the management console if edited through the console.</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>#Generated by JMX Console : Last edited by user:admin
#Tue Jun 12 16:46:39 BST 2007
admin=admin
guest=readonly
user=readwrite
</pre>
</div></div>
     </div>
</div>
</div>
</div>
</div>
</body>
</html>
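
An added example, not part of the original page or of Qpid: a Python check that reads a jmxremote.access file in the `<username>=<privilege>` form shown above and reports entries that the page says have no meaning, plus ones worth reviewing. The function names, the sample data and the choice to pass the PrincipalDatabase usernames in as a list are assumptions; only the simple `key=value` form is parsed, not every Java properties syntax.

```python
"""Audit a jmxremote.access file against the set of known broker users."""

PRIVILEGES = ("readonly", "readwrite", "admin")  # the three levels the page lists


def parse_access(text):
    """Return (entries, duplicates) parsed from <username>=<privilege> lines."""
    entries, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties-file comment
            continue
        user, _, privilege = line.partition("=")
        user, privilege = user.strip(), privilege.strip()
        if user in entries:
            # In a Java properties file the last value for a key wins.
            duplicates.append(user)
        entries[user] = privilege
    return entries, duplicates


def audit(access_text, known_users):
    """Compare the access file with usernames taken from the PrincipalDatabase."""
    entries, duplicates = parse_access(access_text)
    known = set(known_users)
    return {
        "unknown_privilege": sorted(u for u, p in entries.items() if p not in PRIVILEGES),
        "not_in_principal_db": sorted(set(entries) - known),  # entry has no meaning
        "no_jmx_access": sorted(known - set(entries)),        # default for new users
        "admins": sorted(u for u, p in entries.items() if p == "admin"),
        "duplicates": sorted(set(duplicates)),
    }


# Constructed sample: the page's example file plus three deliberately bad lines.
SAMPLE_ACCESS = """\
#Generated by JMX Console : Last edited by user:admin
#Tue Jun 12 16:46:39 BST 2007
admin=admin
guest=readonly
user=readwrite
olduser=readwrite
ops=administrator
guest=admin
"""
SAMPLE_USERS = ["admin", "guest", "user", "ops", "newuser"]  # constructed

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_ACCESS, SAMPLE_USERS).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

The `admins` and `duplicates` findings are the ones to review first: a repeated username can leave an account with a different privilege than the first matching line suggests.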

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org

