qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Dispatch: Default value of authenticatePeer
Date Wed, 03 Aug 2016 17:40:38 GMT
On 03/08/16 18:23, Robbie Gemmell wrote:
> On 3 August 2016 at 18:08, Gordon Sim <gsim@redhat.com> wrote:
>> I think this is different from proton's behaviour (and from qpidd's) where
>> the similar flags are false by default. (This is a distinct concern from the
>> default sasl mechanisms enabled).
>>
>>
>
> Without looking at any code to actually know for sure, my thinking
> from previous discussion was that it stems from the proton-c transport
> 'requireAuthentication' style config, which defaults false as you say
> thus allowing either SASL or non-SASL connections by default, and so
> by not setting the authenticatePeer setting in Dispatch config
> proton's related transport config also remains false and continues to
> allow the non-SASL connections, with the saslMechanisms config only
> controlling which mechs any SASL connections can use.

You could be right, I was actually thinking of the client side in proton 
(proton is a lot of different things!). The python reactor client has a 
sasl_enabled option which controls whether or not a sasl layer is used 
and that is on by default. However that is only for establishing 
connections, and doesn't cover accepting them.

I would agree that the routers authenticatePeer option should be true by 
default.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message