You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@karaf.apache.org by Mohammad Shamsi <m....@gmail.com> on 2015/09/17 21:18:19 UTC

Karaf management (jmx) authentication

Hi All,

I have two questions about regarding karaf management authentication :

1 - looking at JaasAuthenticator.java
<https://github.com/apache/karaf/blob/master/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java>
in
karaf management source code, It seems it is only supporting  basic
authentication (user / password). Am I right ?

2 - How can I disable karaf management authentication, but keep the console
authentication.

Thank you,
Mohammad Shamsi

Re: Karaf management (jmx) authentication

Posted by mhshams <m....@gmail.com>.

Hi, 

I managed to disable the security by doing the followings: 
1 - added following key/value in to etc/org.apache.karaf.management.cfg 
     
2 - change the etc/jmx.acl.cfg and give read access to all


looking at source code, i can see authenticatorType can be set to
"certificate" too. 
Now the question is, if I want to enable ssl conetction, what else I should
do other than setting the  authenticatorType to "certificate".  Is there any
document or wiki about karaf jmx with ssl? 



--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-management-jmx-authentication-tp4042653p4042665.html
Sent from the Karaf - User mailing list archive at Nabble.com.

Re: Karaf management (jmx) authentication

Posted by mhshams <m....@gmail.com>.

Hi JB,

I didn't quite get your answer. was it for first question or the second one. 

I can see in etc/jmx.acl.cfg, it is possible to change the roles for
different actions. but how should I configure it to not require any user or
role at all? 

The thing is that, in our karaf distribution, we have removed the default
user (karaf) from the users.properties and we have only key based
authentication for the shell. but I couldn't find how to configure karaf
management to use the key based authentication too. Ideally i would like to
use the same keys for jmx authentication, but if this is not possible, I am
okay to let anonymous users access to jmx beans.

Cheers, 



--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-management-jmx-authentication-tp4042653p4042659.html
Sent from the Karaf - User mailing list archive at Nabble.com.

Re: Karaf management (jmx) authentication

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.

Hi Mohammad,

you can change the etc/jmx* configuration files or dedicated a realm for 
JMX.

Regards
JB

On 09/17/2015 09:18 PM, Mohammad Shamsi wrote:
> Hi All,
>
> I have two questions about regarding karaf management authentication :
>
> 1 - looking at JaasAuthenticator.java
> <https://github.com/apache/karaf/blob/master/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java> in
> karaf management source code, It seems it is only supporting  basic
> authentication (user / password). Am I right ?
>
> 2 - How can I disable karaf management authentication, but keep the
> console authentication.
>
> Thank you,
> Mohammad Shamsi

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com