[
https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15197941#comment-15197941
]
Sam Tunnicliffe commented on CASSANDRA-10091:
---------------------------------------------
In an offline discussion, [~tjake] reminded me about CASSANDRA-2967 and the
{{sun.rmi.dgc.server.gcInterval}} system property.
When a {{JMXConnectorServer}} is created programmatically (i.e. not by the
default management agent), it automatically schedules a full GC to run
periodically. This is the reason for adding the {{-XX:+DisableExplicitGC}} when
running with {{LOCAL_JMX}} currently, as the forcing the server to bind only to
a loopback address involves creating it programatically. It is possible to
avoid this though, by mimicking how the management agent creates the server.
I've pushed another commit which does this using a custom {{RMIExporter}}
implementation in {{JMXServerUtils}}. Hopefully, the comments in that class
should explain the risks in doing this and their mitigation (which I think
makes it an acceptable thing to do).
> Align JMX authentication with internal authentication
> -----------------------------------------------------
>
> Key: CASSANDRA-10091
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jan Karlsson
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal
> authentication. This would reduce the overhead of keeping passwords in files
> on the machine and would consolidate passwords to one location. It would also
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes
> for the authenticator and authorizer. We could then add some parameters where
> the user could specify what authenticator and authorizer to use in case they
> want to make their own.
> This could also be done by creating a premain method which creates a jmx
> server. This would give us the feature without changing the Cassandra code
> itself. However I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a
> custom authenticator and authorizer. It is currently build as a premain,
> however it would be great if we could put this in Cassandra instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
