Jamo, can you comment on code version? Thanks! Regards,
Ryan Goulding On Thu, Apr 5, 2018 at 7:10 AM, Ryan Goulding <ryandgould...@gmail.com> wrote: > What version of code? This wasn’t tied to AAA until oxygen. Prior it was > controlled by etc/or.jolokia.osgi.cfg. > > Thanks, > Ryan > > Sent from my iPhone > > On Apr 5, 2018, at 12:32 AM, Michael Vorburger <vorbur...@redhat.com> > wrote: > > JamO, +aaa-dev and +controller-dev and Stephen FYI: > > On Wed, Apr 4, 2018 at 10:24 PM, Jamo Luhrsen <jluhr...@gmail.com> wrote: > >> Hi Utility folks, >> >> I noticed in a local setup I have where I've changed the default username >> and password for RESTCONF, that I still need to use the admin:admin creds >> to hit the diagstatus endpoint. >> >> I'm guessing that's just because this is not tied in to the magic of >> AAA and/or RESTCONF creds. >> >> Gotta just live with it, or would it be an easy thing to add, just to keep >> things more intuitive? >> > > This seems like a bug (bad one, security wise), but it's not for > infrautils-dev - we don't actually do anything re. Jolokia in project > infrautils, the diagstatus sub-module simply exposes a JMX bean... the code > related to the Jolokia integration in ODL which then make makes this > available via HTTP, and secures it with the AAA creds (also used by > RESTCONF; there are no creds in RESTCONF itself FYI), is actually in > controller and/or aaa (I'm not 100% sure myself what is where)... see > https://jira.opendaylight.org/browse/AAA-147 and > https://jira.opendaylight.org/browse/CONTROLLER-1324. > > If you are right, we have this problem (that when changing the default > username and password you can still use the previous one) on *ALL* > /jolokia/ URLs, I'm guessing. > > Would you like to open a (Critical?) bug in JIRA against AAA about this? > > Tx, > M. > -- > Michael Vorburger, Red Hat > vorbur...@redhat.com | IRC: vorburger @freenode | ~ = http://vorburger.ch > > >> example curl: >> >> curl -u "admin:admin" http://192.168.24.11:8081/jolo >> kia/exec/org.opendaylight.infrautils.diagstatus:type=SvcStat >> us/acquireServiceStatus >> >> Thanks, >> JamO >> _______________________________________________ >> infrautils-dev mailing list >> infrautils-...@lists.opendaylight.org >> https://lists.opendaylight.org/mailman/listinfo/infrautils-dev >> > > _______________________________________________ > controller-dev mailing list > controller-dev@lists.opendaylight.org > https://lists.opendaylight.org/mailman/listinfo/controller-dev > >
_______________________________________________ controller-dev mailing list controller-dev@lists.opendaylight.org https://lists.opendaylight.org/mailman/listinfo/controller-dev