Kerberos authentication for JMX?
Péter Gergely Horváth
peter.gergely.horvath at gmail.com
Mon Jun 11 13:14:04 UTC 2018
Hi All,
I have been working with Big Data for a while and I have seen that a number
of the components have started to have their own custom baked solutions
(minimalistic Web UIs) for basic management operations, like showing
metrics, debugging etc instead of using JMX.
I have the feeling that getting JMX working for dozens of different Java
services within a large cluster is an overly tough task, especially if you
do not want to make compromises around security. For me it seems, that at
the moment there is a gap between what the JDK offers regarding JMX
monitoring/management and what people would need in a real world setting to
use it effectively in an easy and secure way.
I am wondering if it would be possible to implement a Kerberos-based
authentication mechanism for JMX, allowing all services of a cluster to
authenticate JMX clients against a centrally managed Kerberos service, that
would also be officially supported by VisualVM so as to give an easy-to-use
user interface.
Based on my understanding, this could either be a new protocol
implementation or assuming JDK-8171311: REST APIs for JMX gets done, an
additional feature around there to support GSS Negotiate/SPNEGO based
authentication.
Could you please share your thoughts on this? Would anyone be interested to
sponsor this topic?
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20180611/0bc677ed/attachment.html>
More information about the serviceability-dev
mailing list