[jira] [Comment Edited] (CASSANDRA-9333) Edge case - Empty of blank password for JMX authentication not handled properly in nodetool commands

[Varun Barala (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-9333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16097099#comment-16097099
 ] 

Varun Barala edited comment on CASSANDRA-9333 at 7/22/17 4:12 AM:
------------------------------------------------------------------

In this scenario, You can use nodetool command like:-
{{$ bin/nodetool -u cassandra status}}
then It'll ask for password If your password is empty then just hit enter.

Though nodetool should accept {{$ bin/nodetool -u cassandra -pw  status}}. I'll 
go through the code.


was (Author: varuna):
In this scenario, You can use nodetool command like:-
"$ bin/nodetool -u cassandra status"
then It'll ask for password If your password is empty then just hit enter.

Though nodetool should accept "$ bin/nodetool -u cassandra -pw  status". I'll 
go through the code.

> Edge case - Empty of blank password for JMX authentication not handled 
> properly in nodetool commands
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-9333
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9333
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tools
>         Environment: Apache Cassandra 2.1.2
>            Reporter: Sumod Pawgi
>            Priority: Minor
>              Labels: security
>             Fix For: 2.1.x
>
>
> While setting up JMX authentication for Apache Cassandra, if we set the 
> password blank (in the file - jmxremote.password), nodetool commands do not 
> work
> example creds are cassandra cassandra. In this case, for a secured cluster, 
> we run the nodetool command as - nodetool -u cassandra -pw cassandra status
> But if the password is kept as blank then we cannot execute nodetool command. 
> However, I believe that if a third party software used JMX authentication via 
> API, then they can use blank password for the operations. So this behavior 
> needs to be clarified and be consistent for this edge case scenario.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org