You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Philip Thompson (JIRA)" <ji...@apache.org> on 2015/05/08 16:15:00 UTC
[jira] [Updated] (CASSANDRA-9333) Edge case - Empty of blank
password for JMX authentication not handled properly in nodetool commands
[ https://issues.apache.org/jira/browse/CASSANDRA-9333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Philip Thompson updated CASSANDRA-9333:
---------------------------------------
Fix Version/s: 2.1.x
> Edge case - Empty of blank password for JMX authentication not handled properly in nodetool commands
> ----------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-9333
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9333
> Project: Cassandra
> Issue Type: Bug
> Components: Core, Tools
> Environment: Apache Cassandra 2.1.2
> Reporter: Sumod Pawgi
> Priority: Minor
> Labels: security
> Fix For: 2.1.x
>
>
> While setting up JMX authentication for Apache Cassandra, if we set the password blank (in the file - jmxremote.password), nodetool commands do not work
> example creds are cassandra cassandra. In this case, for a secured cluster, we run the nodetool command as - nodetool -u cassandra -pw cassandra status
> But if the password is kept as blank then we cannot execute nodetool command.
> However, I believe that if a third party software used JMX authentication via API, then they can use blank password for the operations. So this behavior needs to be clarified and be consistent for this edge case scenario.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)