I have a follow up question. It is good that one can disable this feature, but if someone would like to use this feature of bin/client to connect without a password but do so with their own public/private key pair, how would bin/client be told to use it? Is that possible or is the private key built in to org.apache.karaf.client.Main?
On Tue, Jul 5, 2016 at 4:16 PM, Kevin Schmidt <ktschm...@gmail.com> wrote: > I just followed the instructions to secure the container and using > bin/client does now require a password and doesn't successfully connect to > the container. I did this with Karaf 3.0.6. Perhaps something changed > with Karaf 4? > > Kevin > > On Tue, Jul 5, 2016 at 3:49 PM, Elliot Huntington < > elliot.hunting...@gmail.com> wrote: > >> I wrote a question ( >> http://stackoverflow.com/questions/38176918/how-to-secure-the-default-apache-karaf-installation) >> on stack overflow pertaining to Christian Schneider's blog post, How to >> hack into any default apache karaf installation >> <http://www.liquid-reality.de/display/liquid/2014/01/08/How+to+hack+into+any+default+apache+karaf+installation>. >> After following his instructions to secure the container the `bin/client` >> command, rather than failing, appears to create a new file `etc/host.key` >> and successfully connects to the container. This was unexpected according >> to the blog post. >> >> It would be helpful if someone would answer this question on stack >> overflow. >> >> Thanks, >> Elliot >> > >