On Tue, Nov 2, 2010 at 21:51, Eric Charles <e...@apache.org> wrote:
> Hi,
>
> I don't know if java or windows is to blame for the jmx.password stuff, but
> if we leave it as now, users will blame james...
> I'm with Stefano on the need to have a working james without changing
> anything.
>
> The idea was to replace the remotemanager with a command line tool ('james
> adduser...',...) that would access jmx.
> If we disable jmx, the cli commands will not work.
>
> I googled a bit to find a workaround, but they all say to change file
> permission.
> I also looked at SSL security
> (http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled),
> but I don't get it completely, especially the SSL authentication.
>
> I see for now 3 options:
> 1.- Disable jmx -> Oblige user to change spring-beans.xml to enable it, no
> cli management.
> 2.- Enable jmx wide-open (no username/pwd) -> not really secured for a
> professional solution
> 3.- Enable jmx with username/pwd -> we know the consequences.
>
> Option 2 may be the least bad (more user friendly) and we could stress in the doc
> to enable username/pwd.

The problem with JMX is that it's of no use when you lock your headless DC JAMES server down and SSH into the machine. While I was strongly pro-JMX some years ago, I now think a proper command line (see Hadoop, Geronimo) is great, and a web-based admin tool is great, too. JMX is nice to have, and I would never open JMX for remote access on my servers.

That said, I'm +1 for binding JMX to localhost only.

Bernd