smiklosovic commented on code in PR #3708: URL: https://github.com/apache/cassandra/pull/3708#discussion_r1867349652
########## conf/cassandra.yaml: ########## @@ -1721,14 +1721,57 @@ client_encryption_options: # JMX SSL. # Similar to `client/server_encryption_options`, you can specify PEM-based # key material or customize the SSL configuration using `ssl_context_factory` in `jmx_encryption_options`. -#jmx_encryption_options: -# enabled: true -# cipher_suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] -# accepted_protocols: [TLSv1.2,TLSv1.3,TLSv1.1] -# keystore: conf/cassandra_ssl.keystore -# keystore_password: cassandra -# truststore: conf/cassandra_ssl.truststore -# truststore_password: cassandra +#jmx_server_options: + # enabled: true + # remote: false + # jmx_port: 7199 + # + # Port used by the RMI registry when remote connections are enabled. + # To simplify firewall configs, this can be set to the same as the JMX server port (port). See CASSANDRA-7087. + # However, if ssl is enabled the same port cannot be used for both jmx and rmi so either + # pick another value for this property. Alternatively, comment out or set to 0 to use a random + # port (pre-CASSANDRA-7087 behaviour) + # rmi_port: 7199 + # + # jmx ssl options - only apply when remote connections are enabled + # + # jmx_encryption_options: + # enabled: true + # cipher_suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + # accepted_protocols: [TLSv1.2,TLSv1.3,TLSv1.1] + # keystore: conf/cassandra_ssl.keystore + # keystore_password: cassandra + # truststore: conf/cassandra_ssl.truststore + # truststore_password: cassandra + # + # jmx authentication and authorization options. + # authenticate: false + # + # Options for basic file based authentication & authorization + # password_file: /etc/cassandra/jmxremote.password + # access_file: /etc/cassandra/jmxremote.access + # + # Custom auth settings which can be used as alternatives to JMX's out of the box auth utilities. + # JAAS login modules can be used for authentication using this property.Cassandra ships with a + # LoginModule implementation - org.apache.cassandra.auth.CassandraLoginModule - which delegates + # to the IAuthenticator configured in cassandra.yaml. + # + # auth_config_name refers to the Application Name in the JAAS configuration under which the + # desired LoginModule(s) are configured. + # The location of the JAAS config file may be set using the standard JVM mechanism, by setting + # the system property "java.security.auth.login.config". If this property is set, it's value + # will be used to locate the config file. For convenience, if the property is not already set + # at startup, a value can be supplied here via the auth_config_file setting. Review Comment: yes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
