[
https://issues.apache.org/jira/browse/CASSANDRA-10551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe resolved CASSANDRA-10551.
-----------------------------------------
Resolution: Done
Fix Version/s: (was: 3.x)
I've spent a fair bit of time looking at this and I'm afraid I've come to the
same conclusion. Although it's somewhat painful to use JMXMP because the Oracle
JRE doesn't provide an implementation for the (optional) JMX Remote part of the
JMX spec, it isn't too tricky to implement a generic SASL server to interface
with IAuthenticator.SaslNegotiator.
As you say though, support for JMXMP in tooling is pretty poor. I'm not so
concerned with nodetool as we have control over that, plus we only ever
guarantee that a given version of nodetool works with the corresponding C*.
Lack of support in jconsole is a more of a concern, especially as the same is
true of Java Mission Control, which would leave users who enabled JMXMP no
means of interacting with the published MBeans.
I'm going to close this issue, if we come across something new we can always
reopen it.
> Investigate JMX auth using JMXMP & SASL
> ---------------------------------------
>
> Key: CASSANDRA-10551
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10551
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Sam Tunnicliffe
> Assignee: Jan Karlsson
>
> (broken out from CASSANDRA-10091)
> We should look into whether using
> [JMXMP|https://meteatamel.wordpress.com/2012/02/13/jmx-rmi-vs-jmxmp/] would
> enable JMX authentication using SASL. If so, could we then define a custom
> SaslServer which wraps a SaslNegotiator instance provided by the configured
> IAuthenticator.
> An intial look at the
> [JMXMP|http://docs.oracle.com/cd/E19698-01/816-7609/6mdjrf873/] docs,
> particularly section *11.4.2 SASL Provider*, suggests this might be feasible.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
