qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Kerberos ticket naming: qpid/xxx should be amqp/xxx
Date Mon, 10 Jul 2017 08:08:17 GMT
On 08/07/17 22:00, Rick van Rein wrote:
> Hi,
> I was pleased to see GSSAPI supported in Qpid Broker C++; I can think of
> several uses of messaging where Kerberos' single sign-on is a blessing.
> But the naming of the tickets as "qpid/host.name@REALM.NAME" is not as I
> think it should be.  Clients nede to construct such names for their
> ticket requests:
>   - the "REALM.NAME" is the client's, or modified through KDC redirection
> [or perhaps using draft-vanrein-dnstxt-krb1]
>   - the "host.name" is derived from SRV records (it could be the domain
> or host)
>   - the service name, here "qpid" is commonly known to an implementation

You can change this using the --sasl-service-name option. (I agree that 
amqp would have been a netter choice for the default there).

To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

View raw message