On Tue, Nov 2, 2010 at 21:51, Eric Charles <e...@apache.org> wrote:
> Hi,
>
> I don't know if java or windows is to blame for the jmx.password stuff, but
> if we leave it as now, users will blame james...
> I'm with Stefano on the need to have a working james without changing
> anything.
>
> The idea was to replace the remotemanager with a command line tool ('james
> adduser...',...) that would access jmx .
> If we disable jmx, the cli commands will not work.
>
> I googled a bit to find a workaround, but they all say to change file
> permission.
> I also looked at SSL security
> (http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled),
> but I don't get it completely, especially the SSL authentication.
>
> I see for now 3 options:
> 1.- Disable jmx -> Oblige user to change spring-beans.xml to enable it, no
> cli management.
> 2.- Enable jmx wide-open (no username/pwd) -> not really secured for a
> professional solution
> 3.- Enable jmx with username/pwd -> we know the consequences.
>
> Option 2 may be the less bad (more user friendly) and we could stress on doc
> to enable username/pwd.The problem with JMX is, that it's of no use when you lock your headless DC JAMES server down and SSH into the machine. While I was strong pro-JMX some years ago, I now think a proper command line (see Hadoop, Geronimo) is great, a webbased admin tool is great, too. JMX is nice to have and I would never open JMX for remote access on my servers. That said I'm +1 for binding JMX to the localhosts only. Bernd --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
