activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Piotr Klimczak (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMQ-4693) Add kerberos [SASL] authentication for TCP connectors
Date Sun, 07 Dec 2014 12:09:13 GMT

    [ https://issues.apache.org/jira/browse/AMQ-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14237118#comment-14237118
] 

Piotr Klimczak edited comment on AMQ-4693 at 12/7/14 12:08 PM:
---------------------------------------------------------------

Hi Ryan!

Thanks for feedback!
As this solution is built on top of RFC2712, it is using TCP and SSL protocol with Kerberos
tokens handshake.
As failover works for plain SSL, then it should work for Kerberos too I believe.
I have performed some tests:
1. Amended org.apache.activemq.network.NetworkFailoverTest to use krb5 protocol instead of
tcp- PASSING
2. Crafted my own test with broker1 is starting, connecting 3 consumers with failover protocol,
broker1 stopping, starting broker2, sending 3 messagaes. As a result consumers are reconnecting
from broker1 to broker2 and consuming messages properly.

Do you remember what exactly failed in your scenario?
Haven't tested it yet on 2 different machines. Do you remember whether your problem occurs
when testing failover on one machine?

What I haven't tested yet is token expiration, which might cause the problem you described
above. Will try to test it soon and will be back with results.

Thanks in advance for feedback.
Piotr Klimczak




was (Author: nannou9):
Hi Ryan!

Thanks for feedback!
As this solution is built on top of RFC2712, it is using TCP and SSL protocol with Kerberos
tokens handshake.
As failover works for plain SSL, then it should work for Kerberos too I believe.
I have performed some tests:
1. Amended org.apache.activemq.network.NetworkFailoverTest to use krb5 protocol instead of
tcp- PASSING
2. Crafted my own test with broker1 is starting, connecting 3 consumers with failover protocol,
broker1 stopping, starting broker2, sending 3 messagaes. As a result consumers are reconnecting
from broker1 to broker2 and consuming messages properly.

Do you remember what exactly failed in your scenario?
Haven't tested it yet on 2 different machines. Do you remember whether your problem occurs
when testing failover on one machine?

Thanks in advance for feedback.
Piotr Klimczak



> Add kerberos [SASL] authentication for TCP connectors
> -----------------------------------------------------
>
>                 Key: AMQ-4693
>                 URL: https://issues.apache.org/jira/browse/AMQ-4693
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.8.0
>         Environment: linux, solaris
>            Reporter: Bhanu
>            Priority: Minor
>             Fix For: Unscheduled
>
>
> Hi,
> Can kerberos based authentication be added to ActiveMQ's TCP connectors.
> Thanks,
> Bhanu



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message