qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gordon Sim (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Commented: (QPID-1899) --require-encryption doesn't work unless cyrus sasl authentication is turned on
Date Mon, 09 Nov 2009 15:33:32 GMT

    [ https://issues.apache.org/jira/browse/QPID-1899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775002#action_12775002
] 

Gordon Sim commented on QPID-1899:
----------------------------------

If knowledge of the SSF is not replicated across the cluster, those replicas would assume
the connection was not encrypted and were --require-encrypted to be specified the node to
which the connection was accepted would allow the connection, but the replicas would reject
it, resulting in a cluster inconsistency.

I've committed your patch as r834108. with a minor addition in NullAuthenticator to enforce
require-encrypted when auth is turned off; thanks!

> --require-encryption doesn't work unless cyrus sasl authentication is turned on
> -------------------------------------------------------------------------------
>
>                 Key: QPID-1899
>                 URL: https://issues.apache.org/jira/browse/QPID-1899
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5
>            Reporter: Gordon Sim
>            Assignee: Gordon Sim
>             Fix For: 0.6
>
>         Attachments: qpid-1899-10_26.patch, qpid-1899-10_30.patch, qpid-1899-9-17.patch,
qpid-1899-hacky.patch, qpid-1899.patch, qpid-1899.patch
>
>
> If you specify --require-encryption and --auth no then the broker will allow un-encrypted
conections. (If on the other hand you have authentication on, it will prevent you connecting
with anything other than a mech that supports encryption and will require an encrypting sasl
security layer - or of course an ssl connection)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message