[ https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15027628#comment-15027628 ]

Nick Bailey commented on CASSANDRA-10091:
-----------------------------------------

I'm definitely a fan of making it possible to reduce the number of auth schemes 
users have to set up. We should avoid breaking existing JMX clients and tools 
like you mentioned in CASSANDRA-10551 though.

[~beobal] you are proposing just getting authc done in this ticket and leaving 
authz controlled by the built-in file-based roles mechanism for now? That's 
probably fine, although we'll want to make sure we handle the edge cases 
appropriately. For example, if a user turns on auth via Cassandra but then 
doesn't specify a roles file on the filesystem as well. Or if there is a 
mismatch in the users defined in either. If those edge cases get hairy I might 
personally prefer to wait until we can deliver it all.

> Align JMX authentication with internal authentication
> -----------------------------------------------------
>
>                 Key: CASSANDRA-10091
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Jan Karlsson
>            Priority: Minor
>             Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal 
> authentication. This would reduce the overhead of keeping passwords in files 
> on the machine and would consolidate passwords to one location. It would also 
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes 
> for the authenticator and authorizer. We could then add some parameters where 
> the user could specify what authenticator and authorizer to use in case they 
> want to make their own.
> This could also be done by creating a premain method which creates a JMX 
> server. This would give us the feature without changing the Cassandra code 
> itself. However, I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a 
> custom authenticator and authorizer. It is currently built as a premain, 
> however it would be great if we could put this in Cassandra instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
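
The approach discussed in this thread (a JMX connector server with a custom authenticator, while authorization stays with the built-in access file) can be sketched with the standard `javax.management.remote` API. This is an added example, not code from the ticket's patch or from Cassandra; the class names, the `verifier` hook standing in for the internal credential check, the port and the sample credentials are all assumptions.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.*;
import java.util.function.BiPredicate;
import javax.management.remote.*;
import javax.security.auth.Subject;

public class InternalAuthJmxServer {
    /** Delegates the JMX credential check to a pluggable verifier (hypothetical hook). */
    static final class DelegatingAuthenticator implements JMXAuthenticator {
        private final BiPredicate<String, String> verifier;
        DelegatingAuthenticator(BiPredicate<String, String> verifier) { this.verifier = verifier; }

        @Override
        public Subject authenticate(Object credentials) {
            // Standard JMX clients send String[]{username, password}; reject any other shape.
            if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2)
                throw new SecurityException("Credentials must be String[]{username, password}");
            String[] c = (String[]) credentials;
            // One generic message for every failure, so callers cannot tell which part was wrong.
            if (c[0] == null || c[1] == null || !verifier.test(c[0], c[1]))
                throw new SecurityException("Authentication failed");
            // The principal name is what the access file is matched against for authorization.
            return new Subject(true, Collections.singleton(new JMXPrincipal(c[0])),
                               Collections.emptySet(), Collections.emptySet());
        }
    }

    public static void main(String[] args) throws Exception {
        int port = 7199; // assumed port for this example
        // Constructed stand-in for a lookup against the internal auth store.
        BiPredicate<String, String> verifier =
            (user, pass) -> "ops".equals(user) && "constructed-secret".equals(pass);

        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnectorServer.AUTHENTICATOR, new DelegatingAuthenticator(verifier));

        // Edge case from the comment above: authentication enabled but no access file given.
        // Refuse to start rather than expose MBeans with authn but no authz.
        String accessFile = System.getProperty("com.sun.management.jmxremote.access.file");
        if (accessFile == null)
            throw new IllegalStateException("JMX auth enabled but no access file configured");
        env.put("jmx.remote.x.access.file", accessFile);

        LocateRegistry.createRegistry(port);
        JMXServiceURL url = new JMXServiceURL(
            "service:jmx:rmi:///jndi/rmi://localhost:" + port + "/jmxrmi");
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
            url, env, ManagementFactory.getPlatformMBeanServer());
        server.start();
    }
}
```

A user who authenticates successfully but has no entry in the access file is denied by the file-based access controller, which is the mismatch case raised in the comment.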