I see youre having a bit of trouble, so ill try to get jmx auth working on my box this weekend... Ill let you know how it goes.
Paul On 5/4/07, Dan Rossi <[EMAIL PROTECTED]> wrote:
OK it got a bit much damn windows, had to turn authentication off. Dan Rossi wrote: > OK getting things to work in the java service wrapper isnt as easy, not > even adding the conf directory to the classpath worked, had to give full > path. The next problem is fixing permissions on the password file for > the user logged in as for the service still doesnt work and causes errors :\ > > Dan Rossi wrote: > >> OK I added conf to the classpath in eclipse and can load the conf file >> like this in the java args >> >> -Dcom.sun.management.jmxremote >> -Dcom.sun.management.config.file=conf/jmx.properties >> >> and the files can be loaded like >> >> # ################ RMI Password file location ################## >> com.sun.management.jmxremote.password.file=conf/jmxremote.password >> >> # >> # ################ RMI Access file location ##################### >> com.sun.management.jmxremote.access.file=conf/jmxremote.access >> >> edited red5.sh to >> >> exec $JAVA -Djava.security.manager >> -Djava.security.policy=conf/red5.policy -Dcom.sun.management.jmxremote >> -Dcom.sun.management.config.file=conf/jmx.properties -cp >> red5.jar:conf:$CLASSPATH org.red5.server.Standalone >> >> >> Dan Rossi wrote: >> >> >>> Hi im not sure i understand what you mean by adding these files into the >>> classpath, how is it best to reference these stored within the conf >>> directory ? >>> >>> As for examples, to be honest its the first time ive checked out the >>> "txt" files within the docs directory. Im considering porting and >>> compiling all these files into into sectioned, parted, article based >>> documentation into docbook xml and build a single pdf out of it , and >>> then it may be easier to read :) >>> >>> Mondain wrote: >>> >>> >>> >>>> Thanks for check this out Dan, >>>> Revision 1954 allows the html adapter to be disabled via the spring >>>> config, in fact for security purposes i disabled it by default. >>>> As for the jmx.properties files, ensure that they are on the classpath >>>> and they should be found. I didnt write a complex jmx remote example >>>> since the links I provided do a much better job. >>>> >>>> >>>> Paul >>>> >>>> >>>> On 5/3/07, *Dan Rossi* <[EMAIL PROTECTED] >>>> <mailto:[EMAIL PROTECTED]>> wrote: >>>> >>>> Im still getting my head around this, it seems you are able to inject >>>> values into Managed bean methods correct ? IE a syncronised list of >>>> whatever, be it hosts allowed to connect, files added to a server side >>>> playlist etc ? >>>> >>>> The management is way too complex and unneccesary for me atm, but can >>>> become quite useful, ive yet to check if i can disable the http >>>> adaptor >>>> as its a bit of a security risk having exposed like this and isnt >>>> doing >>>> what I need which is resource monitoring is graphs. >>>> >>>> Here is what ive done to enable jconsole or MC4J to connect >>>> remotely to >>>> a Red5 server, however ive had to set some paths as static as im not >>>> sure how to use env variables for this yet. >>>> >>>> The problems im facing is to enable and force SSL on the client >>>> which im >>>> unsure how to setup, which aparantly doesnt use the clear text >>>> password >>>> system, as ive just read there is a security hole. >>>> >>>> I think next is to also add the snmp agent so our cacti graphing >>>> system >>>> is able to graph things aswell :) >>>> >>>> In eclipse debug I added some java args like so, but unsure how to use >>>> env vars instead of full paths >>>> >>>> -Dcom.sun.management.jmxremote >>>> -Dcom.sun.management.config.file=/www/red5/conf/jmx.properties >>>> >>>> This allows for local console monitoring connecting to >>>> org.red5.server.Standalone which will display in the local list, and >>>> also remote management with settings set in the custom properties >>>> file. >>>> >>>> conf/jmxremote.password >>>> >>>> ############################################################## >>>> # Password File for Remote JMX Monitoring >>>> ############################################################## >>>> >>>> dan secret >>>> >>>> chmod 600 jmxremote.password to enable read only access >>>> >>>> conf/jmxremote.access >>>> >>>> ###################################################################### >>>> # Default Access Control File for Remote JMX(TM) Monitoring >>>> ###################################################################### >>>> >>>> danielr readwrite >>>> >>>> >>>> Again below not sure how to set env vars instead of full paths to the >>>> password and access file. >>>> >>>> conf/jmx.properties >>>> >>>> # ################ Management Agent Port ######################### >>>> # >>>> # JMX RMI Agent >>>> com.sun.management.jmxremote.port=8004 >>>> # JMX SNMP Agent >>>> #com.sun.management.snmp.port=8005 >>>> >>>> ##################################################################### >>>> # Optional Instrumentation >>>> ##################################################################### >>>> >>>> # To enable thread contention monitoring, uncomment the following line >>>> # com.sun.management.enableThreadContentionMonitoring >>>> >>>> >>>> ##################################################################### >>>> # SNMP Management Properties >>>> ##################################################################### >>>> >>>> # ##################### SNMP Trap Port ######################### >>>> # To set port for sending traps to a different port use following line >>>> # com.sun.management.snmp.trap=<trap-destination-port-number> >>>> >>>> # >>>> # ################ SNMP listen interface ######################### >>>> # For restricting the port on which SNMP agent listens use >>>> following line >>>> # com.sun.management.snmp.interface=<InetAddress> >>>> >>>> # #################### SNMP ACL file ######################### >>>> #For a non-default acl file location use following line >>>> # com.sun.management.snmp.acl.file=/www/red5/jmxsnmp.acl >>>> >>>> >>>> ##################################################################### >>>> # RMI Management Properties >>>> ##################################################################### >>>> # >>>> # ###################### RMI SSL ############################# >>>> >>>> #For RMI monitoring without SSL use the following line >>>> com.sun.management.jmxremote.ssl=false >>>> # com.sun.management.jmxremote.ssl.enabled.cipher.suites= >>>> <cipher-suites> >>>> # >>>> com.sun.management.jmxremote.ssl.enabled.protocols= <protocol-versions> >>>> # com.sun.management.jmxremote.ssl.need.client.auth=true|false >>>> # com.sun.management.jmxremote.ssl.need.client.auth=true >>>> >>>> # >>>> # ################ RMI User authentication ################ >>>> com.sun.management.jmxremote.authenticate=true >>>> >>>> # >>>> # ################ RMI Login configuration ################### >>>> # >>>> # com.sun.management.jmxremote.login.config= <config-name> >>>> # Specifies the name of a JAAS login configuration entry to >>>> use when >>>> # authenticating users of RMI monitoring. >>>> # >>>> # Setting this property is optional - the default login >>>> configuration >>>> # specifies a file-based authentication that uses the >>>> password file. >>>> # >>>> # When using this property to override the default login >>>> configuration >>>> # then the named configuration entry must be in a file that gets >>>> loaded >>>> # by JAAS. In addition, the login module(s) specified in the >>>> configuration >>>> # should use the name and/or password callbacks to acquire >>>> the user's >>>> # credentials. See the NameCallback and PasswordCallback >>>> classes in >>>> the >>>> # javax.security.auth.callback package for more details. >>>> # >>>> # If the property "com.sun.management.jmxremote.authenticate" is >>>> set to >>>> # false, then this property and the password & access files are >>>> ignored. >>>> # >>>> >>>> # For a non-default login configuration use the following line >>>> # com.sun.management.jmxremote.login.config=<config-name> >>>> >>>> # >>>> # ################ RMI Password file location ################## >>>> com.sun.management.jmxremote.password.file=/www/red5/conf/jmxremote.password >>>> >>>> # >>>> # ################ RMI Access file location ##################### >>>> com.sun.management.jmxremote.access.file=/www/red5/conf/jmxremote.access >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Red5 mailing list >>>> [email protected] <mailto:[email protected]> >>>> http://osflash.org/mailman/listinfo/red5_osflash.org >>>> <http://osflash.org/mailman/listinfo/red5_osflash.org> >>>> >>>> >>>> >>>> >>>> -- >>>> The early bird may get the worm, but the second mouse gets the cheese. >>>> ------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> Red5 mailing list >>>> [email protected] >>>> http://osflash.org/mailman/listinfo/red5_osflash.org >>>> >>>> >>>> >>>> >>> _______________________________________________ >>> Red5 mailing list >>> [email protected] >>> http://osflash.org/mailman/listinfo/red5_osflash.org >>> >>> >>> >>> >> _______________________________________________ >> Red5 mailing list >> [email protected] >> http://osflash.org/mailman/listinfo/red5_osflash.org >> >> >> > > > _______________________________________________ > Red5 mailing list > [email protected] > http://osflash.org/mailman/listinfo/red5_osflash.org > > _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
-- The early bird may get the worm, but the second mouse gets the cheese.
_______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
