You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Arnaud Simon (JIRA)" <qp...@incubator.apache.org> on 2007/10/18 13:19:50 UTC
[jira] Created: (QPID-648) use basic password file for providing
user authentication
use basic password file for providing user authentication
----------------------------------------------------------
Key: QPID-648
URL: https://issues.apache.org/jira/browse/QPID-648
Project: Qpid
Issue Type: Improvement
Components: C++ Broker
Affects Versions: M3
Reporter: Arnaud Simon
Priority: Minor
It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-648) Provide some form of authentication
Posted by "Gordon Sim (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588538#action_12588538 ]
Gordon Sim commented on QPID-648:
---------------------------------
Committed Matts patch which authenticates the 0-10 preview codepath (99-0). Will move the functionality onto the 0-10 final codepath shortly.
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Priority: Minor
> Attachments: sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Matthew Farrellee (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthew Farrellee updated QPID-648:
-----------------------------------
Attachment: sasl_plain_auth.patch
Attached is a patch containing an initial implementation of the SASL Plain authentication mechanism for connection.start-ok in the PreviewConnectionHandler::Handler. It is compiled if cyrus-sasl is available, and can be disabled with an --auth parameter to qpidd.
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Priority: Minor
> Attachments: sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (QPID-648) Provide some form of authentication
Posted by "Gordon Sim (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gordon Sim resolved QPID-648.
-----------------------------
Resolution: Fixed
Resolved for now; updates in the future will have more specific JIRAs.
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_authentication.patch2, sasl_final.patch, sasl_listmech.patch, sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Matthew Farrellee (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthew Farrellee updated QPID-648:
-----------------------------------
Attachment: SASLConfigPackage.diff
Initial packaging of SASL config and default database
Moved make rules for etc/ into new etc/Makefile.am, and added sasl2/qpidd.conf. Updated qpidc.spec.in to package new SASL files, and require cyrus-sasl[-devel] for qpidd.
The default sasl2/qpidd.conf allows for ANONYMOUS and PLAIN authentication, and the default sasldb contains a single user, guest, with an obvious password.
Also, added an --auth-realm option to qpidd so that the broker knows what realm to look for the authenticating users in. The default realm is QPID. So, either users should be added to that realm in the sasldb file or --auth-realm should be used to specify the desired realm.
It is important to note that to use any default clients (qpid tools/console/etc) right now there must be a guest user in the realm that the broker is using. The default sasldb contains the guest@QPID user.
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_authentication.patch2, sasl_final.patch, sasl_listmech.patch, sasl_plain_auth.patch, SASLConfigPackage.diff
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Gordon Sim (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gordon Sim updated QPID-648:
----------------------------
Summary: Provide some form of authentication (was: use basic password file for providing user authentication )
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Priority: Minor
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Matthew Farrellee (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthew Farrellee updated QPID-648:
-----------------------------------
Attachment: sasl_authentication.patch2
This patch (based off of r647825) provides more complete SASL authentication. It allows for the use of mechanisms other than PLAIN, though no clients exist that implement anything but PLAIN. Its current limitation is in providing the list of supported mechanisms to the client via connection.start.
Once applied you can setup a /etc/sasl2/qpidd.conf file to use a simple password file stored in /tmp/qpidd.sasldb. The conf and sasldb files must be readable by the user running the broker. It is also not advisable to keep the sasldb file in /tmp for anything other than testing.
qpidd.conf:
$ cat /etc/sasl2/qpidd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain
sasldb_path: /tmp/qpidd.sasldb
add a user to the sasldb:
$ saslpasswd2 -f /tmp/qpidd.sasldb guest
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_authentication.patch2, sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Matthew Farrellee (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthew Farrellee updated QPID-648:
-----------------------------------
Attachment: sasl_listmech.patch
Now that PreviewConnectionHandler's constructor can throw an exception a proper mechanisms list is constructed and sent as part of connection.start
FYI, a very basic SASL conf file could contain simply "mech_list: anonymous" and a client would not need to provide any information to the broker except that it wishes to use the ANONYMOUS mechanism.
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_authentication.patch2, sasl_listmech.patch, sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (QPID-648) Provide some form of authentication
Posted by "Gordon Sim (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gordon Sim reassigned QPID-648:
-------------------------------
Assignee: Gordon Sim
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (QPID-648) Provide some form of authentication
Posted by "Matthew Farrellee (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthew Farrellee updated QPID-648:
-----------------------------------
Attachment: sasl_final.patch
Implementation for the 0-10 ConnectionHandler...
> Provide some form of authentication
> -----------------------------------
>
> Key: QPID-648
> URL: https://issues.apache.org/jira/browse/QPID-648
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M3
> Reporter: Arnaud Simon
> Assignee: Gordon Sim
> Priority: Minor
> Attachments: sasl_authentication.patch2, sasl_final.patch, sasl_listmech.patch, sasl_plain_auth.patch
>
>
> It is required by JMS to authenticate users at connection creation time. It would be useful if the broker can provide such a basic authentication mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.