You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by Jai Bheemsen Rao Dhanwada <ja...@gmail.com> on 2020/08/17 20:23:19 UTC
Encrypting JMX password for cassandra
Hello,
When enabling JMX Authentication
<https://docs.datastax.com/en/ddacsecurity/doc/ddacsecurity/secureJmxAuthentication.html>,
username and password are stored as plain text in jmxremote.password file.
Is there a way to encrypt the content of this file so it's not human
readable?
Re: Encrypting JMX password for cassandra
Posted by Jai Bheemsen Rao Dhanwada <ja...@gmail.com>.
Thank you, I looked at this post but haven't tried. let me give a try
On Tue, Aug 18, 2020 at 1:13 AM Johnny Miller <jo...@digitalis.io> wrote:
> Jai,
>
> I haven't tried it myself, but you might be able to implement something
> like this as I believe this is generic to Java.
>
> https://stackoverflow.com/questions/1676513/how-to-encrypt-passwords-for-jconsoles-password-file
>
> This may allow you to encrypt the JMX password in the file. Would be
> interesting to see if it works!
>
> Regards,
>
> Johnny
>
>
> On Tue, 18 Aug 2020 at 05:38, Erick Ramirez <er...@datastax.com>
> wrote:
>
>> That's correct. The instructions are in the document you already linked
>> plus in the official docs[1] on the Apache website. Cheers!
>>
>> [1]
>> https://cassandra.apache.org/doc/latest/operating/security.html#jmx-access
>>
>>>
>
>
> --
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you are
> not the intended recipient, you should not disseminate, distribute or copy
> this e-mail. Please notify the sender immediately and destroy all copies of
> this message and any attachments. WARNING: Computer viruses can be
> transmitted via email. The recipient should check this email and any
> attachments for the presence of viruses. The company accepts no liability
> for any damage caused by any virus transmitted by this email.
> www.digitalis.io
>
Re: Encrypting JMX password for cassandra
Posted by Johnny Miller <jo...@digitalis.io>.
Jai,
I haven't tried it myself, but you might be able to implement something
like this as I believe this is generic to Java.
https://stackoverflow.com/questions/1676513/how-to-encrypt-passwords-for-jconsoles-password-file
This may allow you to encrypt the JMX password in the file. Would be
interesting to see if it works!
Regards,
Johnny
On Tue, 18 Aug 2020 at 05:38, Erick Ramirez <er...@datastax.com>
wrote:
> That's correct. The instructions are in the document you already linked
> plus in the official docs[1] on the Apache website. Cheers!
>
> [1]
> https://cassandra.apache.org/doc/latest/operating/security.html#jmx-access
>
>>
--
--
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus
transmitted by this email. www.digitalis.io <http://www.digitalis.io>
Re: Encrypting JMX password for cassandra
Posted by Erick Ramirez <er...@datastax.com>.
That's correct. The instructions are in the document you already linked
plus in the official docs[1] on the Apache website. Cheers!
[1]
https://cassandra.apache.org/doc/latest/operating/security.html#jmx-access
>
Re: Encrypting JMX password for cassandra
Posted by Jai Bheemsen Rao Dhanwada <ja...@gmail.com>.
Thanks Erick
Can you please point me the doc for internal c* auth? Are you referring to
c* auth for jmx?
On Monday, August 17, 2020, Erick Ramirez <er...@datastax.com>
wrote:
> No, there isn't. You can either set the permissions to 400 so only the OS
> cassandra user can read the file or enable internal C* auth so the password
> is not stored in a file. Cheers!
>
Re: Encrypting JMX password for cassandra
Posted by Erick Ramirez <er...@datastax.com>.
No, there isn't. You can either set the permissions to 400 so only the OS
cassandra user can read the file or enable internal C* auth so the password
is not stored in a file. Cheers!