I noticed that to address this an environment variable was introduced for the scripts that can be set to enable/disable JMX RBAC. However when looking at it I noticed that the default is different on Windows and Unix.
Currently, on Unix the default is to have JMX RBAC enabled (when the $KARAF_ACL is not set), however on Windows the default is to have JMX RBAC disabled (when %KARAF_ACL% is not set). Any reason why they are different? And what do we want the default to be? I would personally say that it's better to have the more secure default, which is to have JMX RBAC enabled. Best regards, David On 22 October 2013 01:28, Jean-Baptiste Onofré <[email protected]> wrote: > Thanks for your comment David, it's what I suspected. > > I will at least update the documentation to explain this point to the users. > > Regards > JB > > > On 10/21/2013 01:56 PM, David Bosschaert wrote: >> >> I left a comment on KARAF-2506 >> >> With the new RBAC for JMX you need to be logged in as a user which >> needs some roles in order to get access to anything. So if you simply >> attach via JConsole to the local process it will show everything as >> unavailable. >> >> When you log in using the Remote Process mechanism from JConsole (i.e. >> via a URL like this: >> service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root) >> and provide username and password, it should all work... >> >> Cheers, >> >> David >> >> On 21 October 2013 12:40, Jean-Baptiste Onofré <[email protected]> wrote: >>> >>> Hi guys, >>> >>> just a quick update about that. >>> >>> I gonna commit the Aries Blueprint CM update: I tested locally, it looks >>> good to me. >>> >>> One blocking issue should be fixed: >>> https://issues.apache.org/jira/browse/KARAF-2506 >>> >>> We can not release a Karaf version with a JMX layer that doesn't really >>> work. >>> >>> I gonna take a look on that today. >>> >>> >>> Regards >>> JB >>> >>> On 10/08/2013 04:41 PM, Jean-Baptiste Onofré wrote: >>>> >>>> >>>> Hi all, >>>> >>>> Thanks to Dan, we got the Aries release required for Karaf 3.0.0. >>>> I'm upgrading on Karaf trunk. >>>> >>>> I'm working on the latest mandatory improvement (KARAF-2496) now. >>>> >>>> So, today, I will: >>>> - commit both blueprint upgrade and KARAF-2496 >>>> - update Jira to add 3.0.1 version >>>> - review the Jira and move to 3.0.1 >>>> >>>> I discussed with Jamie this morning, he's ready to cut off the 3.0.0 >>>> release. >>>> >>>> I propose to prepare the release and vote for next Thursday (it gives >>>> some time to latest fixes and tests tomorrow). >>>> >>>> WDYT ? >>>> >>>> Regards >>>> JB >>> >>> >>> >>> -- >>> Jean-Baptiste Onofré >>> [email protected] >>> http://blog.nanthrax.net >>> Talend - http://www.talend.com > > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com
