On Jun 23, 2020, at 8:08 AM, Jakov Varenina
mailto:jakov.varen...@est.tech>> wrote:
We haven't gone far with the implementation of the solution described in the
research paper. So it is a great that you have found alternative and better
solution, but it seems that the attachment with patch is
Hi Jake and all,
Great findings and analysis Jake! Thank you very much for you effort!
We haven't gone far with the implementation of the solution described in
the research paper. So it is a great that you have found alternative and
better solution, but it seems that the attachment with patch
I went on a little journey to see if it was possible and it looks promising. I
was able to get access to the SSLSocket and thus the SSLContext.
Proof of concept patch attached.
> On Jun 19, 2020, at 2:53 PM, Jacob Barrett wrote:
>
> So I can see why this research paper was so bleak about the
In the old management team, we have been considering the idea of getting rid of
jmx connection in gfsh and only using http connection mechanism.
On Jun 19, 2020 2:53 PM, Jacob Barrett wrote:
So I can see why this research paper was so bleak about the options in trying
to get the SSL certificate
So I can see why this research paper was so bleak about the options in trying
to get the SSL certificate for the current connection being serviced. As they
discovered the accept loop in OpenJDK’s (and older Oracle implementations)
immediately fires the RMI operation to a thread pool after connec
On Jun 19, 2020, at 12:20 PM, Anthony Baker
mailto:bak...@vmware.com>> wrote:
That’s fine, I just want to understand what happens when I use this API:
createdAuthenticatedView(…)
Does it throw an exception? Silently work but not switch to the new user?
I would expect that first off we docum
That’s fine, I just want to understand what happens when I use this API:
createdAuthenticatedView(…)
Does it throw an exception? Silently work but not switch to the new user?
Thanks,
Anthony
On Jun 19, 2020, at 10:14 AM, Jacob Barrett
mailto:jabarr...@vmware.com>> wrote:
1) Multi-user auth
>
> On Jun 18, 2020, at 4:24 AM, Jakov Varenina
> mailto:jakov.varen...@est.tech>> wrote:
>
> In order to completely remove the need for username/password, it is required
> that we implement this new kind of authorization on *all* geode
> interfaces/components (cluster, gateway, web, jmx, lo
On Jun 18, 2020, at 4:24 AM, Jakov Varenina
mailto:jakov.varen...@est.tech>> wrote:
Hi Anthony and all,
I have been working with Mario on this feature. Let me first answer the
questions:
1) Multi-user authentication will not be supported when using this new kind of
SecurityManager implement
Hi Anthony and all,
I have been working with Mario on this feature. Let me first answer the
questions:
1) Multi-user authentication will not be supported when using this new
kind of SecurityManager implementation.
2) The idea was to use only CN for principal, and ignore SAN (this would
be
Hi Mario, just curious if you’ve made any progress on this as of yet. I have a
few questions:
1) What is the implication for multi-user auth? Would this just become a no-op
for this kind of SecurityManager implementation? See [1][2].
2) I’m not sure that the CN is sufficiently general. What
Hi all,
Kindly reminder on this question.
Thanks in an advance!
BR,
Mario
Šalje: Mario Kevo
Poslano: 22. svibnja 2020. 13:56
Prima: dev@geode.apache.org
Predmet: Certificate based authorization - CN authorization in jmx
Hi geode-dev,
We are working on implemen
long time ago, I will move it to next phase.
If someone has some comments or advices please feel free to add it here or on
the RFC.
Thank you all,
Mario
Šalje: Jens Deppe
Poslano: 6. prosinca 2019. 18:06
Prima: dev@geode.apache.org
Predmet: Re: Odg: Certificate
Thanks for the write-up. I think it does require a bit of clarification
around how the functionality is enabled.
You've stated:
For client connections, we could presume that certificate based
> authorization should be used if both features are enabled, but the client
> cache properties don’t prov
Hi all,
I wrote up a proposal for Certificate Based Authorization.
Please review and comment on the below proposal.
https://cwiki.apache.org/confluence/display/GEODE/Certificate+Based+Authorization
BR,
Mario
Šalje: Udo Kohlmeyer
Poslano: 2. prosinca 2019. 20:10
15 matches
Mail list logo
