On Mon, Apr 9, 2018 at 7:49 PM, Jamo Luhrsen wrote:
it's up for interpretation as far as vulnerabilities.
seems by default, the vulnerability is there. However, one can argue that users need
to RTFM, go restart their deployment, ya da ya da ya da (hi robert...) to avoid
the non-authenticated jolokia endpoints.
JamO
On 4/9/18 10:44 AM, Ryan
ok, yeah. after restarting, it seems the jolokia endpoint is now adhering to
the proper credentials.
I'm confused about the karaf jolokia stuff though. Is there no way to dump
that and only allow our odl-jolokia feature to be available? That was
pretty confusing to me. I never asked for anything
Did you restart ODL after installing odl-jolokia? The issue is you have jolokia
installed from karaf without auth, then try to install odl-jolokia which lays
down org.jolokia.osgi.cfg with authMode set to delegate. That managed service
won’t actually recognize the update to authmode without a
ok, I verified that carbon sr3 is working as we expect, but the recent Fluorine
snapshot distro I have is not behaving like I expect.
I am able to hit this
jolokia/exec/org.opendaylight.infrautils.diagstatus:type=SvcStatus/acquireServiceStatus
endpoint after just installing features-aaa,
for carbon-sr3 we still hadn't integrated jolokia with AAA; it was still
backed by etc/org.jolokia.osgi.cfg, hence why you need to use admin/admin
after changing the password in AAA.
How did you install jolokia in Fluorine? You must install using
"odl-jolokia" feature from controller to get
What version of code? This wasn’t tied to AAA until oxygen. Prior it was
controlled by etc/org.jolokia.osgi.cfg.
Thanks,
Ryan
> On Apr 5, 2018, at 12:32 AM, Michael Vorburger wrote:
JamO, +aaa-dev and +controller-dev and Stephen FYI:
On Wed, Apr 4, 2018 at 10:24 PM, Jamo Luhrsen wrote:
> Hi Utility folks,
>
> I noticed in a local setup I have where I've changed the default username
> and password for RESTCONF, that I still need to use the admin:admin