qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Conway <acon...@redhat.com>
Subject Re: [Qpid-Dispatch] SSL/SASL configuration on a listener
Date Wed, 22 Jun 2016 15:06:14 GMT
On Wed, 2016-06-22 at 16:47 +0200, Adel Boutros wrote:
> Hello,
> 
> I want to use SASL authentication mechanism using a client
> certificate. I looked at the examples and tests but I didn't quite
> get everything.
> I know I have to setup a listener with "sasl-mechanisms: EXTERNAL"
> and "require-peer-auth: yes" but then how do I tell the dispatcher
> which certificates are accepted and which aren't? 
> Of course I want to use a certificate for SSL encryption (provided in
> the ssl-profile) and a different one for SASL authentication but on
> the same listener.
> ssl-profile {
>     name: ssl-profile-name
>     certFile: cert_ssl_encryption.pem
>     keyFile: key_ssl_encryption.pem
> }
> 
> listener {
>     host: 0.0.0.0
>     port: 10399
>     sasl-mechanisms: EXTERNAL
>     ssl-profile: ssl-profile-name
>     authenticatePeer: yes
>     requireSsl: yes
> }
> In the above configuration, where should I add the "cert_sasl.pem"?

Minor nit - capitalized names are preferred now in config files:
saslProfile, saslMechanisms etc. Support for hyphenated names will go
away at some point.

Cheers,
Alan.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message