You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/11/05 16:33:00 UTC

[jira] [Commented] (ARTEMIS-2971) outgoing 'server-connection' doesnt support ANONYMOUS or EXTERNAL SASL mechanisms

    [ https://issues.apache.org/jira/browse/ARTEMIS-2971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17226810#comment-17226810 ] 

ASF subversion and git services commented on ARTEMIS-2971:
----------------------------------------------------------

Commit 5ff075b7ff945be572f74c98981b1d74d3017376 in activemq-artemis's branch refs/heads/master from Robbie Gemmell
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=5ff075b ]

ARTEMIS-2971: add ANONYMOUS and EXTERNAL SASL mechanism support for outgoing AMQP server connections


> outgoing 'server-connection' doesnt support ANONYMOUS or EXTERNAL SASL mechanisms
> ---------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-2971
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2971
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.16.0
>            Reporter: Robbie Gemmell
>            Assignee: Clebert Suconic
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The broker supports using ANONYMOUS and EXTERNAL (and PLAIN) SASL mechanisms for connecting AMQP clients to the broker. However, it doesnt support either for the outgoing 'server-connection' feature to have the broker establish connections to other servers. This means an Artemis broker may be unable to connect to another Artemis broker using this feature, depending on its configuration.
> The broker currently only supports using PLAIN if a user+pass is supplied for the outgoing connection, or using a raw AMQP (no SASL) connection if no user+pass is supplied. This means the broker cant connect to a server unless it either offers PLAIN, or accepts bare AMQP without SASL auth (which some dont, e.g I think ActiveMQ 5 by default at least).
>  
> EXTERNAL is going to be fairly desirable for such use cases. Using SASL ANONYMOUS for connections without user+pass/EXTERNAL woud be a more typical default, but it should at least be supported if not the default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)