David, you seems to be well verse of karaf JMX, could you give me advice on https://issues.apache.org/jira/browse/KARAF-541??
-Dan On Wed, Jul 6, 2011 at 5:49 PM, David Jencks <[email protected]> wrote: > I think it might be a good idea to have a flag whose name clearly identifies > what kind of auth will be used, e.g. > > jmxAuthentication=<UserPassword|ClientCert> > > I'd expect to be confused otherwise. > > thanks > david jencks > > On Jul 6, 2011, at 4:01 PM, Dan Tran wrote: > >> I meant o.a.k.management.cfg's jmxRealm field >> >> -D >> >> On Wed, Jul 6, 2011 at 4:00 PM, Dan Tran <[email protected]> wrote: >>> My be I can enhance o.a.k.management to disable user/pass >>> authentication if the 'realm' field is empty? >>> >>> -D >>> >>> On Wed, Jul 6, 2011 at 2:53 PM, David Jencks <[email protected]> wrote: >>>> Hi Dan, >>>> >>>> I was thinking about this too recently.... geronimo has pretty much the >>>> same code for user/pw jmx auth and also client cert auth. Geronimo's >>>> user/pw code is slightly more functional than karaf's in that it provides >>>> logout functionality. At the moment it is not controlled by config admin. >>>> >>>> If you'd like to take a look and repurpose the geronimo code its at >>>> >>>> https://svn.apache.org/repos/asf/geronimo/server/trunk/framework/modules/geronimo-jmx-remoting >>>> >>>> There's a bunch of GBeanInfoBuilder goo in there that is geronimo >>>> specific. Basically you should take it out after using it as a guide for >>>> what to expose via config admin. >>>> >>>> If I had time and were working on this :-) I would use Declarative >>>> Services and write a component that depending on a flag in config admin >>>> would set up either the user/pw jmx connector/authenticator or the client >>>> cert one, looking for different properties in config admin for each. It's >>>> presumably possible to do this with blueprint as well. >>>> >>>> hope this helps >>>> david jencks >>>> >>>> On Jul 6, 2011, at 1:39 PM, Dan Tran wrote: >>>> >>>>> Hi I am in the process of getting my Karaf's JMX to accept only SSL >>>>> with client certificate. But first, how do I turn off the normal >>>>> user/password ( karaf/karaf ) authentication? >>>>> >>>>> the etc/o.a.k.management.cfg does not seem to provide a way to do just >>>>> that. >>>>> >>>>> Thanks >>>>> >>>>> >>>>> -Dan >>>> >>>> >>> > >
