Enabling JMX authentication

Steps to enable remote JMX connections.

The default settings for Cassandra make JMX accessible only from localhost. If you want to enable remote JMX connections, change the LOCAL_JMX setting in cassandra-env.ps1 and enable authentication and/or SSL. After enabling JMX authentication, ensure that tools that use JMX, such as nodetool, are configured to use authentication.

Procedure

  1. Open the cassandra-env.ps1 file for editing and update or add these lines:
    $env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
    $env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.password.file=\etc\cassandra\jmxremote.password"
    If the LOCAL_JMX setting is in your file, set:
    LOCAL_JMX=no
    The location of the cassandra-env.sh file depends on the type of installation:
    Package installations: /etc/cassandra/cassandra-env.sh
    Tarball installations: install_location/conf/cassandra-env.sh
    The location of the cassandra-env.ps1 file is:
    Windows installations: C:\Program Files\DataStax Community\apache-cassandra\conf\cassandra-env.ps1
  2. Copy the jmxremote.password.template from C:\Program Files\DataStax Community\jre\lib\management to C:\Users\current_user\jmx and rename it to jmxremote.password.
    Note: This is a sample path. Set the location of this file in C:\Program Files\DataStax Community\jre\lib\management\management.properties.
  3. For the user running Cassandra, change the permissions of jmxremote.password to read-only.
  4. Edit jmxremote.password and add the user and password for JMX-compliant utilities:
    monitorRole QED
    controlRole R&D
    ## Specify the credentials for your environment.
    cassandra cassandrapassword
  5. Add the cassandra user with readwrite permission to C:\Program Files\DataStax Community\jre\lib\management\jmxremote.access:
    monitorRole readonly
    cassandra readwrite
    controlRole readwrite \
    create javax.management.monitor.,javax.management.timer. \
    unregister
  6. Restart Cassandra.
  7. Run nodetool status with the cassandra user and password.
    C:\> %CASSANDRA_HOME%\nodetool status -u cassandra -pw cassandrapassword
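
Steps 3 and 4 can be checked from PowerShell. The script below is an added example, not DataStax code: Test-JmxPasswordFile and Protect-JmxPasswordFile are hypothetical helper names, and it assumes that Cassandra runs as the account executing the script and that entries use the whitespace-separated "role password" form shown above. The file is read as a Java properties file, which has no inline comments, so text after the password on the same line is read as part of the password.

```powershell
# Added example: audit and lock down a jmxremote.password file (helper names are hypothetical).
function Test-JmxPasswordFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: Cassandra runs as the account executing this script.
        [string]$Account = ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
    )
    $findings = @()
    # The file holds clear-text passwords, so no other principal should be allowed access.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -ne $Account) {
            $findings += "ACL: $($ace.IdentityReference.Value) is allowed $($ace.FileSystemRights)"
        }
    }
    # Role/password pairs that appear as sample entries on this page.
    $sample = @{ monitorRole = 'QED'; controlRole = 'R&D'; cassandra = 'cassandrapassword' }
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        $role, $secret = $text -split '\s+', 2
        if ($sample.ContainsKey($role) -and $sample[$role] -eq $secret) {
            $findings += "ENTRY: '$role' still uses the documentation sample password"
        }
        if ($secret -match '\s#') {
            $findings += "ENTRY: '$role' has trailing '#' text, which is read as part of the password"
        }
    }
    return $findings
}

function Protect-JmxPasswordFile {
    param([Parameter(Mandatory)][string]$Path,
          [string]$Account = ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name))
    # Drop inherited entries, then leave a single explicit read-only grant.
    icacls $Path /inheritance:r /grant:r "${Account}:R" | Out-Null
}

# Constructed sample input, written to a temporary file for the demonstration.
$demo = Join-Path $env:TEMP 'jmxremote.password.demo'
Set-Content -LiteralPath $demo -Value @(
    '# constructed sample'
    'monitorRole QED'
    'cassandra S3parate-Value ## note'
)
Test-JmxPasswordFile -Path $demo      # inherited ACL entries plus both entry problems
Protect-JmxPasswordFile -Path $demo
Test-JmxPasswordFile -Path $demo      # ACL findings are gone; entry findings remain
Remove-Item -LiteralPath $demo -Force
```

Run Protect-JmxPasswordFile only after the entries are final, because the read-only grant also blocks later edits by the same account.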

Example

If you run nodetool status without user and password, you see an error similar to:
Exception in thread "main" java.lang.SecurityException: Authentication failed! Credentials required
at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(Unknown Source)
at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.doNewClient(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.newClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(Unknown Source)
at javax.management.remote.rmi.RMIConnector.connect(Unknown Source)
at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
at org.apache.cassandra.tools.NodeProbe.connect(NodeProbe.java:146)
at org.apache.cassandra.tools.NodeProbe.<init>(NodeProbe.java:116)
at org.apache.cassandra.tools.NodeCmd.main(NodeCmd.java:1099)