Posted to commits@qpid.apache.org by mg...@apache.org on 2012/08/24 17:22:04 UTC

svn commit: r1376958 - /qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf

Author: mgoulish
Date: Fri Aug 24 15:22:04 2012
New Revision: 1376958

URL: http://svn.apache.org/viewvc?rev=1376958&view=rev
Log:
QPID-4244 : expand broker mech list in sasl config file.

In the file /etc/sasl2/qpidd.conf, expand the list to:
  ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
and improve the comments.


Modified:
    qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf

Modified: qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf?rev=1376958&r1=1376957&r2=1376958&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf (original)
+++ qpid/trunk/qpid/cpp/etc/sasl2/qpidd.conf Fri Aug 24 15:22:04 2012
@@ -18,33 +18,31 @@
 #
 #
 #---------------------------------
-# Mechanisms and Users
+# SASL Mechanisms and Users
 #---------------------------------
 #
-# This default qpidd configuration allows for only SASL ANONYMOUS authentication. 
-# To additionally enable DIGEST-MD5 authentication:
-#
-# 1. edit the mech_list below to read   
-#      mech_list: DIGEST-MD5 ANONYMOUS
-#
-# 2. To add new a new user+password to the sasldb file:
-#      echo $PASSWD | saslpasswd2 -c -p -f $SASLTEST_DB -u QPID $USERNAME
-#
+# This default mech list allows for PLAIN, but that
+# mechanism sends credentials in the clear, and is normally 
+# only used along with SSL transport-layer security.
+#
+# This default also permits DIGEST-MD5, but you must have
+# a user and password defined in your sasldb file to use
+# this mechanism.    ( See notes below. )
 #
 #                              PLEASE NOTE 
 #  For production messaging systems, a high-security mechanism such as
-#  DIGEST-MD5 or PLAIN+SSL should be enabled.
+#  DIGEST-MD5 or PLAIN+SSL should be used.
 #
 #
 pwcheck_method: auxprop
 auxprop_plugin: sasldb
 sasldb_path: /var/lib/qpidd/qpidd.sasldb
-mech_list: ANONYMOUS
+mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
 
 
 
 #---------------------------------
-# Other Notes
+# Please Note
 #---------------------------------
 #
 # 1. If you use a nonstandard location for your sasl_config directory,
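Review bot: The new "mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN" line enables PLAIN by default, while the comment added just above it says PLAIN sends credentials in the clear and is normally only used with SSL; nothing in this file ties PLAIN to an encrypted transport. Consider leaving PLAIN out of the default list and documenting how to add it once SSL is configured, or at least say in the comment that the operator must remove it when SSL is not in use. ANONYMOUS also stays in the list, but the rewritten header no longer mentions it; a line stating that it is still enabled and should be dropped for production would match the PLEASE NOTE paragraph. The removed text carried the saslpasswd2 command for adding a user and the replacement only says "See notes below", so check that the notes section still shows that command.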
@@ -60,15 +58,19 @@ mech_list: ANONYMOUS
 #       /var/lib/qpidd/qpidd.sasldb
 #
 # 3. You can see what usernames have been stored in the sasldb, with the
-#    sasldblistusers2 command.
+#    command "sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb"
 #
 # 4. The REALM is important and should be the same as the --realm
 #    option to the broker. This lets the broker properly find the user in
 #    the sasldb file.
 #
 # 5. The sasldb file must be readable by the user running the qpidd
-#    daemon, and should be readable only by that user.
+#    daemon, ( the user name is qpidd ) and should be readable only 
+#    by that user.
 #
+# 6. The EXTERNAL mechanism allows you to use SSL transport layer 
+#    security.  In that case, you can also set the broker option
+#    --ssl-require-client-authentication .
 
 
 
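Review bot: Note 6 reads as if EXTERNAL is what turns on SSL ("allows you to use SSL transport layer security"), but the dependency runs the other way: EXTERNAL takes the client identity from credentials already established outside SASL, here by the SSL layer. Suggest rewording it to say that EXTERNAL authenticates the client from its SSL certificate and therefore needs SSL with client certificates, which is where the --ssl-require-client-authentication option named in the note comes in. Also drop the space before the final period so the option is not copied with trailing punctuation, and tidy the "( the user name is qpidd )" parenthetical in note 5.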


