qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pavel Moravec <pmora...@redhat.com>
Subject Re: Setting up Kerberos security
Date Thu, 09 Aug 2012 14:28:40 GMT
Hi Davide,
add to /etc/sasl2/qpidd.conf:

mech_list: GSSAPI

to stick qpid broker in enforcing just that type of SASL mechanism.

If you require to set it in the client, then it depends on what client/tool do you use. I.e.

qpid-config --sasl-mechanism=GSSAPI ..
C++ spout/drain: ./drain --connection-options '{sasl_mechanisms:GSSAPI, username:guest, password:guest
}' ..
Java client: ./run_example.sh org.apache.qpid.example.Drain --broker-option=sasl_mechs=GSSAPI

Kind regards,
Pavel


----- Original Message -----
> From: "Davide Anastasia" <Davide.Anastasia@qualitycapital.com>
> To: users@qpid.apache.org
> Sent: Thursday, August 9, 2012 3:52:49 PM
> Subject: RE: Setting up Kerberos security
> 
> Hi Gordon,
> I'm using the C++ broker, v. 0.14, the one shipped with RHEL6.
> I have used the guide in your page to set up the Kerberos server,
> without success.
> 
> How can I explicitly require GSSAPI as the mechanism? How can I
> change
> it in the /etc/sasl2/qpidd.conf file? I'm just checking whether the
> cyrus-sasl is available.
> 
> Best,
> Davide
> 
> -----Original Message-----
> From: Gordon Sim [mailto:gsim@redhat.com]
> Sent: 09 August 2012 10:05
> To: users@qpid.apache.org
> Subject: Re: Setting up Kerberos security
> 
> On 08/08/2012 05:00 PM, Davide Anastasia wrote:
> > Hi All,
> >
> > Can anybody point me to a guide that could help me to setup
> > Kerberos
> > to work with Qpid?
> 
> Which broker are you using? qpidd (i.e. c++) or qpid-server (Java).
> 
> If the former, is
> http://qpid.apache.org/books/0.16/AMQP-Messaging-Broker-CPP-Book/html/ch
> ap-Messaging_User_Guide-Security.html
> the text you have already seen?
> 
> > I've been trying to follow the steps described in the User Manual,
> > but
> 
> > Qpid still uses its SASL database for authentication.
> 
> Which client are you using, and are you explicitly requesting GSSAPI
> as
> the mechanism? If using qpidd, does your /etc/sasl2/qpidd.conf file
> have
> the mech_list set and does the list include GSSAPI? Do you have the
> cyrus-sasl gssapi module installed?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> additional
> commands, e-mail: users-help@qpid.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message