cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10091) Align JMX authentication with internal authentication
Date Wed, 16 Mar 2016 19:06:33 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15197941#comment-15197941
] 

Sam Tunnicliffe commented on CASSANDRA-10091:
---------------------------------------------

In an offline discussion, [~tjake] reminded me about CASSANDRA-2967 and the {{sun.rmi.dgc.server.gcInterval}}
system property.
When a {{JMXConnectorServer}} is created programmatically (i.e. not by the default management
agent), it automatically schedules a full GC to run periodically. This is the reason for adding
the {{-XX:+DisableExplicitGC}} when running with {{LOCAL_JMX}} currently, as the forcing the
server to bind only to a loopback address involves creating it programatically. It is possible
to avoid this though, by mimicking how the management agent creates the server. I've pushed
another commit which does this using a custom {{RMIExporter}} implementation in {{JMXServerUtils}}.
Hopefully, the comments in that class should explain the risks in doing this and their mitigation
(which I think makes it an acceptable thing to do). 


> Align JMX authentication with internal authentication
> -----------------------------------------------------
>
>                 Key: CASSANDRA-10091
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal authentication.
This would reduce the overhead of keeping passwords in files on the machine and would consolidate
passwords to one location. It would also allow the possibility to handle JMX permissions in
Cassandra.
> It could be done by creating our own JMX server and setting custom classes for the authenticator
and authorizer. We could then add some parameters where the user could specify what authenticator
and authorizer to use in case they want to make their own.
> This could also be done by creating a premain method which creates a jmx server. This
would give us the feature without changing the Cassandra code itself. However I believe this
would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a custom authenticator
and authorizer. It is currently build as a premain, however it would be great if we could
put this in Cassandra instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message