You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by wa...@tutanota.com on 2019/07/15 02:07:56 UTC

AMQP SASL Authentication / Authorization (Artemis)

I'm confused by the official Artemis doc re: AMQP Authentication / Authorization.

When a client connects to the Artemis broker, using the AMQP protocol, what are the SASL mechanisms that are supported by the broker:
From my understanding of the doc, only the following are supported:
  EXTERNAL: Mutual Certificate checks
  PLAIN: User / Password
  GSSAPI: requires a Kerberos server, which then integrates with LDAP, etc
  ANONYMOUS:

Are there any other mechanisms?

Can AMQP connections authenticating with SASL use the jaas.LDAPLoginModule directly or can this module only be used by integrating with the Kerberos module? Can LDAP be used directly if it provides an GSSAPI interface? If the answer is no -- is this feature on a list of future plans to implement?

When using the EXTERNAL Certificate authentication method -- can this only be done with configs and values only in flat properties files on the broker (ie not in LDAP)?

AMQP Settings Missing from Documentation (Artemis)

Posted by wa...@tutanota.com.

(Please see the AMQP spec if something is not clear/detailed enough)
In the official documentation a lot of the AMQP settings seem to be missing for eg:

1) 
AMQP link flow control (ie message limits) settings:
These can be glimpsed in some examples but they are never explicitly mentioned
amqpCredits
amqpLowCredits
What do these mean?

2)
AMQP session level flow control: (ie frame limits [both ways!] Controlling the number of frames able to be sent/received (this is pretty much: byte size window limits))

I can't see a setting for this -- unless it's: "producerWindowSize" (is this only for core protocol?)
 In the section: [Blocking AMQP Producers] it is just using link level flow control (not session level flow control). What's the point of sending a 100 credits and then replenishing once credit reaches 30? Isn't this a bottomless pit? (Shouldn't credit be able to reach 0? And shouldn't replenishment only happen when unACKed messages start getting ACKed?)
 Is the max-size-bytes parameter using session level flow control?

3) 
AMQP batch ACK settings:
The only value I saw for this was: confirmation-windowsize but this is only set on the clients?
Is there any such value for the broker?