Posted to commits@qpid.apache.org by kw...@apache.org on 2015/08/06 10:23:43 UTC

svn commit: r1694421 - /qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml

Author: kwall
Date: Thu Aug  6 08:23:43 2015
New Revision: 1694421

URL: http://svn.apache.org/r1694421
Log:
QPID-6606: [Java Broker Docs] Document the AuthenticationProviders' behaviour regarding authentication mechanisms

Work by Lorenz Quack <qu...@gmail.com>

Modified:
    qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml

Modified: qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml?rev=1694421&r1=1694420&r2=1694421&view=diff
==============================================================================
--- qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml (original)
+++ qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml Thu Aug  6 08:23:43 2015
@@ -38,6 +38,23 @@
     </para>
   </important>
 
+  <note>
+    <para>
+      Authentication Providers may choose to selectively disable certain authentication mechanisms
+      depending on whether an encrypted transport is being used or not. This is to avoid insecure
+      configurations. Notably, by default the PLAIN mechanism will be disabled on non-SSL
+      connections. This security feature can be overwritten by setting
+      <programlisting>secureOnlyMechanisms = []</programlisting> in the authentication provider
+      section of the config.json.
+      <warning>
+        <para>
+          Changing the secureOnlyMechanism is a breach of security and might cause passwords to be
+          transfered in the clear. Use at your own risk!
+        </para>
+      </warning>
+    </para>
+  </note>
+
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-LDAP.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-Kerberos.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-External.xml"/>
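
Review bot: The warning paragraph names the attribute "secureOnlyMechanism", while the programlisting a few lines above it spells it "secureOnlyMechanisms"; a reader copying the name from the warning gets a key that does not match the example, so use one spelling in both places. In the same note, "overwritten" should read "overridden" and "transfered" should be "transferred". The <programlisting> element sits mid-sentence inside the <para>, which renders as a block and splits the sentence; an inline element such as <literal> fits better there, and the <warning> would be cleaner as a sibling of the <para> rather than nested inside it. The text says providers may disable "certain" mechanisms but names only PLAIN; stating the default value of the attribute would show an operator exactly what the empty list removes. The warning could also point out that enabling SSL on the connection keeps PLAIN usable without emptying the list.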


