[
https://issues.apache.org/jira/browse/CASSANDRA-10551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991610#comment-14991610
]
Jan Karlsson commented on CASSANDRA-10551:
------------------------------------------
Changing to JMXMP seems to work from an implementation standpoint. However this
will mean that current tools which are hardcoded to connect through RMI will
have to be changed to function with JMXMP. I'm refering mostly to nodetool.
i.e. eariler versions of nodetool will not be able to connect to the server.
What is more concerning is that some 3rd party tools like jconsole seem to lack
the functionality to connect with Sasl profiles through jmxmp. I tried
connecting with a [plain
profile/mechanism|https://tools.ietf.org/html/rfc4616], but have not found a
way to set a profile for jconsole.
> Investigate JMX auth using JMXMP & SASL
> ---------------------------------------
>
> Key: CASSANDRA-10551
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10551
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Sam Tunnicliffe
> Assignee: Jan Karlsson
> Fix For: 3.x
>
>
> (broken out from CASSANDRA-10091)
> We should look into whether using
> [JMXMP|https://meteatamel.wordpress.com/2012/02/13/jmx-rmi-vs-jmxmp/] would
> enable JMX authentication using SASL. If so, could we then define a custom
> SaslServer which wraps a SaslNegotiator instance provided by the configured
> IAuthenticator.
> An intial look at the
> [JMXMP|http://docs.oracle.com/cd/E19698-01/816-7609/6mdjrf873/] docs,
> particularly section *11.4.2 SASL Provider*, suggests this might be feasible.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
