Posted to commits@qpid.apache.org by kw...@apache.org on 2015/08/06 10:23:43 UTC
svn commit: r1694421 -
/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
Author: kwall
Date: Thu Aug 6 08:23:43 2015
New Revision: 1694421
URL: http://svn.apache.org/r1694421
Log:
QPID-6606: [Java Broker Docs] Document the AuthenticationProviders' behaviour regarding authentication mechanisms
Work by Lorenz Quack <qu...@gmail.com>
Modified:
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
Modified: qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml?rev=1694421&r1=1694420&r2=1694421&view=diff
==============================================================================
--- qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml (original)
+++ qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml Thu Aug 6 08:23:43 2015
@@ -38,6 +38,23 @@
</para>
</important>
+ <note>
+ <para>
+ Authentication Providers may choose to selectively disable certain authentication mechanisms
+ depending on whether an encrypted transport is being used or not. This is to avoid insecure
+ configurations. Notably, by default the PLAIN mechanism will be disabled on non-SSL
+ connections. This security feature can be overwritten by setting
+ <programlisting>secureOnlyMechanisms = []</programlisting> in the authentication provider
+ section of the config.json.
+ <warning>
+ <para>
+ Changing the secureOnlyMechanism is a breach of security and might cause passwords to be
+ transfered in the clear. Use at your own risk!
+ </para>
+ </warning>
+ </para>
+ </note>
+
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-LDAP.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-Kerberos.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-External.xml"/>
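Review bot: The warning text names the attribute as "secureOnlyMechanism" while the programlisting a few lines above uses "secureOnlyMechanisms"; a reader copying from the warning will get the wrong key, so use the plural form in both places and mark it up as a literal. In the same paragraph, "overwritten" should read "overridden" and "transfered" should read "transferred". The programlisting element is a block element placed mid-sentence, so the sentence will be broken around it when rendered; an inline literal would keep "secureOnlyMechanisms = []" inside the sentence, or the sentence could end before the listing. The warning is also nested inside the note's para, which may not validate or render as intended; making it a sibling after the note is safer. Finally, "Changing the secureOnlyMechanism is a breach of security" is broader than what the note describes: the risk stated is that removing PLAIN from the list allows passwords to cross a non-SSL connection in the clear, so say that directly, and consider pointing readers to enabling SSL on the port as the alternative to emptying the list.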