I think it might be a good idea to have a flag whose name clearly identifies what kind of auth will be used, e.g.
jmxAuthentication=<UserPassword|ClientCert> I'd expect to be confused otherwise. thanks david jencks On Jul 6, 2011, at 4:01 PM, Dan Tran wrote: > I meant o.a.k.management.cfg's jmxRealm field > > -D > > On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran <[email protected]> wrote: >> My be I can enhance o.a.k.management to disable user/pass >> authentication if the 'realm' field is empty? >> >> -D >> >> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks <[email protected]> wrote: >>> Hi Dan, >>> >>> I was thinking about this too recently.... geronimo has pretty much the >>> same code for user/pw jmx auth and also client cert auth. Geronimo's >>> user/pw code is slightly more functional than karaf's in that it provides >>> logout functionality. At the moment it is not controlled by config admin. >>> >>> If you'd like to take a look and repurpose the geronimo code its at >>> >>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting >>> >>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo specific. >>> Basically you should take it out after using it as a guide for what to >>> expose via config admin. >>> >>> If I had time and were working on this :-) I would use Declarative Services >>> and write a component that depending on a flag in config admin would set up >>> either the user/pw jmx connector/authenticator or the client cert one, >>> looking for different properties in config admin for each. It's presumably >>> possible to do this with blueprint as well. >>> >>> hope this helps >>> david jencks >>> >>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote: >>> >>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL >>>> with client certificate. But first, how do I turn off the normal >>>> user/password ( karaf/karaf ) authentication? >>>> >>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just >>>> that. >>>> >>>> Thanks >>>> >>>> >>>> -Dan >>> >>> >>
