You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2017/08/09 16:23:25 UTC

activemq-artemis git commit: [ARTEMIS-1310] addition of sample config scope to krb5 doc

Repository: activemq-artemis
Updated Branches:
  refs/heads/master d4a7aebb6 -> 5909a24cd


[ARTEMIS-1310] addition of sample config scope to krb5 doc


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/5909a24c
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/5909a24c
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/5909a24c

Branch: refs/heads/master
Commit: 5909a24cd389c55e5081cf1e497d87ffc4c362f4
Parents: d4a7aeb
Author: gtully <ga...@gmail.com>
Authored: Wed Aug 9 17:21:39 2017 +0100
Committer: gtully <ga...@gmail.com>
Committed: Wed Aug 9 17:21:39 2017 +0100

----------------------------------------------------------------------
 docs/user-manual/en/security.md | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5909a24c/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index e77a0dd..24fbcd3 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -659,8 +659,20 @@ authentication, TLS can be used to provide integrity and confidentially to the c
 The `GSSAPI` SASL mechanism must be enabled on the amqp acceptor by adding it to the `saslMechanisms` list url parameter:
 `saslMechanisms="GSSAPI<,PLAIN, etc>`.
 
-By default the server will use a JAAS login configuration scope named `amqp-sasl-gssapi` to obtain acceptor Kerberos
-credentials. An alternative configuration scope can be specified on the amqp acceptor url using the parameter: `saslLoginConfigScope=<some other scope>`.
+The server will use a JAAS login configuration scope named `amqp-sasl-gssapi` to obtain Kerberos acceptor credentials.
+An alternative configuration scope can be specified on the amqp acceptor using the url parameter: `saslLoginConfigScope=<some other scope>`.
+
+A sample configuration scope in 'login.config' that will pick up a Kerberos keyTab for the Kerberos acceptor Principal
+'amqp/localhost' is as follows:
+
+    amqp-sasl-gssapi {
+        com.sun.security.auth.module.Krb5LoginModule required
+        isInitiator=false
+        storeKey=true
+        useKeyTab=true
+        principal="amqp/localhost"
+        debug=true;
+    };
 
 On the server, the Kerberos authenticated Peer Principal can be associated with a JAAS Subject as an Apache ActiveMQ Artemis UserPrincipal
 using the Apache ActiveMQ Artemis Krb5LoginModule login module. The [PropertiesLoginModule](#propertiesloginmodule) can be used to map