qpid-commits mailing list archives

From kw...@apache.org
Subject svn commit: r1694421 - /qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
Date Thu, 06 Aug 2015 08:23:43 GMT
Author: kwall
Date: Thu Aug  6 08:23:43 2015
New Revision: 1694421

URL: http://svn.apache.org/r1694421
Log:
QPID-6606: [Java Broker Docs] Document the AuthenticationProviders' behaviour regarding authentication
mechanisms

Work by Lorenz Quack <quack.lorenz@gmail.com>

Modified:
    qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml

Modified: qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
URL: http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml?rev=1694421&r1=1694420&r2=1694421&view=diff
==============================================================================
--- qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
(original)
+++ qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
Thu Aug  6 08:23:43 2015
@@ -38,6 +38,23 @@
     </para>
   </important>
 
+  <note>
+    <para>
+      Authentication Providers may choose to selectively disable certain authentication mechanisms
+      depending on whether an encrypted transport is being used or not. This is to avoid
insecure
+      configurations. Notably, by default the PLAIN mechanism will be disabled on non-SSL
+      connections. This security feature can be overwritten by setting
+      <programlisting>secureOnlyMechanisms = []</programlisting> in the authentication
provider
+      section of the config.json.
+      <warning>
+        <para>
+          Changing the secureOnlyMechanism is a breach of security and might cause passwords
to be
+          transfered in the clear. Use at your own risk!
+        </para>
+      </warning>
+    </para>
+  </note>
+
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-LDAP.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-Kerberos.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers-External.xml"/>
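
Review bot: The attribute name is inconsistent inside the added <note>: the warning says "secureOnlyMechanism" while the programlisting a few lines above uses "secureOnlyMechanisms". Readers will copy this name into config.json, so the two should match. The note also never states the default value of the attribute, only that PLAIN is disabled on non-SSL connections "by default", so a reader who has emptied the list cannot tell from this text how to restore it or how to narrow it instead of clearing it. The warning would be more useful if it stated the concrete consequence in place of "a breach of security": with an empty list PLAIN is offered on non-SSL connections, and the password then crosses the network unencrypted. On markup, <programlisting> is a block element used here in the middle of a sentence, where <literal> would render inline, and the <warning> sits inside the <para>; closing the <para> before the <warning> would be cleaner. Wording: "overwritten" should be "overridden" and "transfered" should be "transferred".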


