[
https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15162912#comment-15162912
]
Sam Tunnicliffe commented on CASSANDRA-10091:
---------------------------------------------
[~Jan Karlsson] I've pushed a rebased & squashed patch to [my
branch|https://github.com/beobal/cassandra/tree/10091-trunk] which incorporates
the caching changes that went in with CASSANDRA-7715. I've also pulled the
setup of the JMX connector server out of CassandraDaemon and refactored it a
bit. A benefit of that is that is simplifies cassandra-env quite a bit, and we
can do away with the JMX_MODE setting. Also, it makes authn/authz and ssl
orthogonal to whether jmx is running in local-only mode or not. I also switched
back to using CassandraLoginModule, and having the JMX authenticator use that,
rather than going directly through the authenticator, because as you pointed
out this makes it somewhat easier to extend. Authentication and authorization
are also nicely independent, so operators have to options of using the various
combinations of C*'s own authn (or some other LoginModule) or standard JMX file
based authn in conjunction with C* authz, access file authz, or no authz.
Sorry it's taken so long, but I'd be glad to get your feedback at this point.
> Align JMX authentication with internal authentication
> -----------------------------------------------------
>
> Key: CASSANDRA-10091
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jan Karlsson
> Assignee: Jan Karlsson
> Priority: Minor
> Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal
> authentication. This would reduce the overhead of keeping passwords in files
> on the machine and would consolidate passwords to one location. It would also
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes
> for the authenticator and authorizer. We could then add some parameters where
> the user could specify what authenticator and authorizer to use in case they
> want to make their own.
> This could also be done by creating a premain method which creates a jmx
> server. This would give us the feature without changing the Cassandra code
> itself. However I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a
> custom authenticator and authorizer. It is currently build as a premain,
> however it would be great if we could put this in Cassandra instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
