Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

On Mon, Apr 9, 2018 at 7:49 PM, Jamo Luhrsen wrote: > it's up for interpretation as far as vulnerabilities. > > seems by default, the vulnerability is there. However, one can argue that > users need > to RTFM, go restart their deployment, ya da ya da ya da (hi robert...) to >

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

it's up for interpretation as far as vulnerabilities. seems by default, the vulnerability is there. However, one can argue that users need to RTFM, go restart their deployment, ya da ya da ya da (hi robert...) to avoid the non-authenticated jolokia endpoints. JamO On 4/9/18 10:44 AM, Ryan

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

ok, yeah. after restarting, it seems the jolokia endpoint is now adhering to the proper credentials. I'm confused about the karaf jolokia stuff though. Is there no way to dump that and only allow our odl-jolokia feature to be available? That was pretty confusing to me. I never asked for anything

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

Did you restart ODL after installing odl-jolikia? The issue is you have jolikia installed from karaf without auth, then try to install odl-jolikia which lays down org.jolikia.osgi.cfg with authMode set to delegate. That managed service won’t actually recognize the update to authmode without a

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

ok, I verified that carbon sr3 is working as we expect, but the recent Fluorine snapshot distro I have is not behaving like I expect. I am able to hit this jolokia/exec/org.opendaylight.infrautils.diagstatus:type=SvcStatus/acquireServiceStatus endpoint after just installing features-aaa,

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

for carbon-sr3 we still hadn't integrated jolokia with AAA; it was still backed by etc/org.jolokia.osgi.cfg, hencewhy you need to use admin/admin after changing the password in AAA. How did you install jolokia in Fluorine? You must install using "odl-jolokia" feature from controller to get

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

What version of code? This wasn’t tied to AAA until oxygen. Prior it was controlled by etc/or.jolokia.osgi.cfg. Thanks, Ryan Sent from my iPhone > On Apr 5, 2018, at 12:32 AM, Michael Vorburger wrote: > > JamO, +aaa-dev and +controller-dev and Stephen FYI: > >> On Wed,

Re: [controller-dev] [infrautils-dev] credentials for REST to jolokia/exec/org.opendaylight.infrautils.diagstatus

JamO, +aaa-dev and +controller-dev and Stephen FYI: On Wed, Apr 4, 2018 at 10:24 PM, Jamo Luhrsen wrote: > Hi Utility folks, > > I noticed in a local setup I have where I've changed the default username > and password for RESTCONF, that I still need to use the admin:admin