You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Pavel Moravec (JIRA)" <ji...@apache.org> on 2012/05/16 10:35:02 UTC
[jira] [Created] (QPID-4003) qpid-cluster to allow --sasl-mechanism
option
Pavel Moravec created QPID-4003:
-----------------------------------
Summary: qpid-cluster to allow --sasl-mechanism option
Key: QPID-4003
URL: https://issues.apache.org/jira/browse/QPID-4003
Project: Qpid
Issue Type: Improvement
Components: Python Tools
Affects Versions: 0.14
Reporter: Pavel Moravec
Priority: Minor
Description of problem:
qpid-cluster shall have option --sasl-mechanism to select which SASL authentication mechanism it wishes to use. Other qpid tools have it.
That makes sense e.g. when more mechanisms are allowed and one wishes to authenticate qpid-cluster via Kerberos. Currently qpid-cluster picks up the most secure method (DIGEST-MD5) that can't be changed.
Trivial patch is already proposed.
Version-Release number of selected component (if applicable):
qpid 0.14
How reproducible:
100%
Steps to Reproduce:
1. don't limit auth.mechanisms in /etc/sasl2/qpidd.conf (comment out mech_list there, if present)
2. have auth=yes in a clustered broker
3. Setup Kerberos credentials.
4. Try to run qpid-cluster authenticating via Kerberos.
Actual results:
There is no option to pick up a mechanism (in our case, GSSAPI).
Expected results:
Have --sasl-mechanism option available.
Additional info:
Easy patch proposed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
[jira] [Closed] (QPID-4003) qpid-cluster to allow --sasl-mechanism
option
Posted by "michael j. goulish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
michael j. goulish closed QPID-4003.
------------------------------------
Resolution: Fixed
Fix Version/s: 0.18
> qpid-cluster to allow --sasl-mechanism option
> ---------------------------------------------
>
> Key: QPID-4003
> URL: https://issues.apache.org/jira/browse/QPID-4003
> Project: Qpid
> Issue Type: Improvement
> Components: Python Tools
> Affects Versions: 0.14
> Reporter: Pavel Moravec
> Priority: Minor
> Labels: patch
> Fix For: 0.18
>
> Attachments: qpid-cluster-mechList.patch
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Description of problem:
> qpid-cluster shall have option --sasl-mechanism to select which SASL authentication mechanism it wishes to use. Other qpid tools have it.
> That makes sense e.g. when more mechanisms are allowed and one wishes to authenticate qpid-cluster via Kerberos. Currently qpid-cluster picks up the most secure method (DIGEST-MD5) that can't be changed.
> Trivial patch is already proposed.
> Version-Release number of selected component (if applicable):
> qpid 0.14
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. don't limit auth.mechanisms in /etc/sasl2/qpidd.conf (comment out mech_list there, if present)
> 2. have auth=yes in a clustered broker
> 3. Setup Kerberos credentials.
> 4. Try to run qpid-cluster authenticating via Kerberos.
>
> Actual results:
> There is no option to pick up a mechanism (in our case, GSSAPI).
> Expected results:
> Have --sasl-mechanism option available.
> Additional info:
> Easy patch proposed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
[jira] [Updated] (QPID-4003) qpid-cluster to allow --sasl-mechanism
option
Posted by "Pavel Moravec (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Moravec updated QPID-4003:
--------------------------------
Attachment: qpid-cluster-mechList.patch
patch implementing --sasl-mechanism option. Simple copy&paste code from qpid-stat, I verified it works properly.
> qpid-cluster to allow --sasl-mechanism option
> ---------------------------------------------
>
> Key: QPID-4003
> URL: https://issues.apache.org/jira/browse/QPID-4003
> Project: Qpid
> Issue Type: Improvement
> Components: Python Tools
> Affects Versions: 0.14
> Reporter: Pavel Moravec
> Priority: Minor
> Labels: patch
> Attachments: qpid-cluster-mechList.patch
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Description of problem:
> qpid-cluster shall have option --sasl-mechanism to select which SASL authentication mechanism it wishes to use. Other qpid tools have it.
> That makes sense e.g. when more mechanisms are allowed and one wishes to authenticate qpid-cluster via Kerberos. Currently qpid-cluster picks up the most secure method (DIGEST-MD5) that can't be changed.
> Trivial patch is already proposed.
> Version-Release number of selected component (if applicable):
> qpid 0.14
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. don't limit auth.mechanisms in /etc/sasl2/qpidd.conf (comment out mech_list there, if present)
> 2. have auth=yes in a clustered broker
> 3. Setup Kerberos credentials.
> 4. Try to run qpid-cluster authenticating via Kerberos.
>
> Actual results:
> There is no option to pick up a mechanism (in our case, GSSAPI).
> Expected results:
> Have --sasl-mechanism option available.
> Additional info:
> Easy patch proposed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org