karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Bosschaert <david.bosscha...@gmail.com>
Subject Re: Toward Karaf 3.0.0
Date Wed, 20 Nov 2013 13:51:20 GMT
I noticed that to address this an environment variable was introduced
for the scripts that can be set to enable/disable JMX RBAC. However
when looking at it I noticed that the default is different on Windows
and Unix.

Currently, on Unix the default is to have JMX RBAC enabled (when the
$KARAF_ACL is not set), however on Windows the default is to have JMX
RBAC disabled (when %KARAF_ACL% is not set).
Any reason why they are different?

And what do we want the default to be?
I would personally say that it's better to have the more secure
default, which is to have JMX RBAC enabled.

Best regards,

David

On 22 October 2013 01:28, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
> Thanks for your comment David, it's what I suspected.
>
> I will at least update the documentation to explain this point to the users.
>
> Regards
> JB
>
>
> On 10/21/2013 01:56 PM, David Bosschaert wrote:
>>
>> I left a comment on KARAF-2506
>>
>> With the new RBAC for JMX you need to be logged in as a user which
>> needs some roles in order to get access to anything. So if you simply
>> attach via JConsole to the local process it will show everything as
>> unavailable.
>>
>> When you log in using the Remote Process mechanism from JConsole (i.e.
>> via a URL like this:
>> service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root)
>> and provide username and password, it should all work...
>>
>> Cheers,
>>
>> David
>>
>> On 21 October 2013 12:40, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>>
>>> Hi guys,
>>>
>>> just a quick update about that.
>>>
>>> I gonna commit the Aries Blueprint CM update: I tested locally, it looks
>>> good to me.
>>>
>>> One blocking issue should be fixed:
>>> https://issues.apache.org/jira/browse/KARAF-2506
>>>
>>> We can not release a Karaf version with a JMX layer that doesn't really
>>> work.
>>>
>>> I gonna take a look on that today.
>>>
>>>
>>> Regards
>>> JB
>>>
>>> On 10/08/2013 04:41 PM, Jean-Baptiste Onofré wrote:
>>>>
>>>>
>>>> Hi all,
>>>>
>>>> Thanks to Dan, we got the Aries release required for Karaf 3.0.0.
>>>> I'm upgrading on Karaf trunk.
>>>>
>>>> I'm working on the latest mandatory improvement (KARAF-2496) now.
>>>>
>>>> So, today, I will:
>>>> - commit both blueprint upgrade and KARAF-2496
>>>> - update Jira to add 3.0.1 version
>>>> - review the Jira and move to 3.0.1
>>>>
>>>> I discussed with Jamie this morning, he's ready to cut off the 3.0.0
>>>> release.
>>>>
>>>> I propose to prepare the release and vote for next Thursday (it gives
>>>> some time to latest fixes and tests tomorrow).
>>>>
>>>> WDYT ?
>>>>
>>>> Regards
>>>> JB
>>>
>>>
>>>
>>> --
>>> Jean-Baptiste Onofré
>>> jbonofre@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com

Mime
View raw message