[jira] [Commented] (CASSANDRA-10091) Integrated JMX authn & authz

Tue, 22 Mar 2016 02:12:13 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15206037#comment-15206037
 ] 

Sam Tunnicliffe commented on CASSANDRA-10091:
---------------------------------------------

[~Jan Karlsson] I can get this in the next couple of days. 

bq. We should be using the broadcast interface for this vs 0.0.0.0

[~tjake], I have a slight preference for leaving this as it is here and 
re-opening CASSANDRA-2967 to change the bind address. wdyt?

bq. We have already created some dtests for this

Although they will to some degree duplicate the utests in 
{{AuthorizationProxyTest}}, I'd like to add a few more dtests to cover a bit 
more of the authz stuff, in particular the matching of {{ObjectName}}. This 
will be useful as developer documentation as well as for testing.

bq. I also got this error at one point

Hmm, I'll do a long-running soak test and see if I can repro, it's not 
something I've come across before


> Integrated JMX authn & authz
> ----------------------------
>
>                 Key: CASSANDRA-10091
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal 
> authentication. This would reduce the overhead of keeping passwords in files 
> on the machine and would consolidate passwords to one location. It would also 
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes 
> for the authenticator and authorizer. We could then add some parameters where 
> the user could specify what authenticator and authorizer to use in case they 
> want to make their own.
> This could also be done by creating a premain method which creates a jmx 
> server. This would give us the feature without changing the Cassandra code 
> itself. However I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a 
> custom authenticator and authorizer. It is currently build as a premain, 
> however it would be great if we could put this in Cassandra instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to