You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by rhudumula <rh...@salesforce.com.INVALID> on 2021/03/17 06:01:03 UTC
Disable SASL in Broker-J
Hi Qpid Team,
Do we have an option to turn off SASL in Broker-J?
We do not want to use any authentication and ANONYMOUS auth is not an option
for us as FIPS blocks it.
Thanks,
Rajashekar
--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Disable SASL in Broker-J
Posted by Oleksandr Rudyy <or...@gmail.com>.
Hi Rajashekar,
If you are using certificate based authentication, then an EXTERNAL
authentication provider should work for you.
If not, I am afraid that configuring ANONYMOUS authentication provider
is your only option.
There is no switch to disable SASL authentication on the broker side.
Kind Regards,
Alex
On Thu, 18 Mar 2021 at 13:43, Rajashekar Hudumula
<rh...@salesforce.com.invalid> wrote:
>
> Thanks Alex for the quick response.
>
> Is it possible to disable the SASL framework altogether. I do not want any
> authentication for Qpid as we have mTLS protecting the communication
> between client and server hosts.
>
> Thanks,
> Rajashekar
>
>
> On Wed, Mar 17, 2021 at 5:33 PM Oleksandr Rudyy <or...@gmail.com> wrote:
>
> > Hi Rajashekar,
> > I am not sure I understood your request.
> > Are you asking to delegate authentication to an external system like
> > LDAP, Kerberos or OAUTH2 based, rather than managing user credentials
> > on the broker side?
> >
> > BTW, you can configure broker authentication using the following
> > mechanisms:
> > * external with certificate based authentication
> > * LDAP authentication
> > * Kerberos authentication
> > * OAUTH2 based authentication (there are a number of OAUTH2 based
> > authentication providers. If none of those used in your company, you
> > need to build your own auth provider)
> >
> >
> > Kind Regards,
> > Alex
> >
> > On Wed, 17 Mar 2021 at 06:01, rhudumula
> > <rh...@salesforce.com.invalid> wrote:
> > >
> > > Hi Qpid Team,
> > >
> > > Do we have an option to turn off SASL in Broker-J?
> > > We do not want to use any authentication and ANONYMOUS auth is not an
> > option
> > > for us as FIPS blocks it.
> > >
> > > Thanks,
> > > Rajashekar
> > >
> > >
> > >
> > > --
> > > Sent from:
> > http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > > For additional commands, e-mail: users-help@qpid.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Disable SASL in Broker-J
Posted by Rajashekar Hudumula <rh...@salesforce.com.INVALID>.
Thanks Alex for the quick response.
Is it possible to disable the SASL framework altogether. I do not want any
authentication for Qpid as we have mTLS protecting the communication
between client and server hosts.
Thanks,
Rajashekar
On Wed, Mar 17, 2021 at 5:33 PM Oleksandr Rudyy <or...@gmail.com> wrote:
> Hi Rajashekar,
> I am not sure I understood your request.
> Are you asking to delegate authentication to an external system like
> LDAP, Kerberos or OAUTH2 based, rather than managing user credentials
> on the broker side?
>
> BTW, you can configure broker authentication using the following
> mechanisms:
> * external with certificate based authentication
> * LDAP authentication
> * Kerberos authentication
> * OAUTH2 based authentication (there are a number of OAUTH2 based
> authentication providers. If none of those used in your company, you
> need to build your own auth provider)
>
>
> Kind Regards,
> Alex
>
> On Wed, 17 Mar 2021 at 06:01, rhudumula
> <rh...@salesforce.com.invalid> wrote:
> >
> > Hi Qpid Team,
> >
> > Do we have an option to turn off SASL in Broker-J?
> > We do not want to use any authentication and ANONYMOUS auth is not an
> option
> > for us as FIPS blocks it.
> >
> > Thanks,
> > Rajashekar
> >
> >
> >
> > --
> > Sent from:
> http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
Re: Disable SASL in Broker-J
Posted by Oleksandr Rudyy <or...@gmail.com>.
Hi Rajashekar,
I am not sure I understood your request.
Are you asking to delegate authentication to an external system like
LDAP, Kerberos or OAUTH2 based, rather than managing user credentials
on the broker side?
BTW, you can configure broker authentication using the following mechanisms:
* external with certificate based authentication
* LDAP authentication
* Kerberos authentication
* OAUTH2 based authentication (there are a number of OAUTH2 based
authentication providers. If none of those used in your company, you
need to build your own auth provider)
Kind Regards,
Alex
On Wed, 17 Mar 2021 at 06:01, rhudumula
<rh...@salesforce.com.invalid> wrote:
>
> Hi Qpid Team,
>
> Do we have an option to turn off SASL in Broker-J?
> We do not want to use any authentication and ANONYMOUS auth is not an option
> for us as FIPS blocks it.
>
> Thanks,
> Rajashekar
>
>
>
> --
> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org