Diffstat (limited to 'cpp/etc/sasl2/qpidd.conf')
-rw-r--r--cpp/etc/sasl2/qpidd.conf30
1 files changed, 16 insertions, 14 deletions
diff --git a/cpp/etc/sasl2/qpidd.conf b/cpp/etc/sasl2/qpidd.conf
index 0872bc251b..3d13a6d650 100644
--- a/cpp/etc/sasl2/qpidd.conf
+++ b/cpp/etc/sasl2/qpidd.conf
@@ -18,33 +18,31 @@
#
#
#---------------------------------
-# Mechanisms and Users
+# SASL Mechanisms and Users
#---------------------------------
#
-# This default qpidd configuration allows for only SASL ANONYMOUS authentication.
-# To additionally enable DIGEST-MD5 authentication:
-#
-# 1. edit the mech_list below to read
-# mech_list: DIGEST-MD5 ANONYMOUS
-#
-# 2. To add new a new user+password to the sasldb file:
-# echo $PASSWD | saslpasswd2 -c -p -f $SASLTEST_DB -u QPID $USERNAME
+# This default mech list allows for PLAIN, but that
+# mechanism sends credentials in the clear, and is normally
+# only used along with SSL transport-layer security.
#
+# This default also permits DIGEST-MD5, but you must have
+# a user and password defined in your sasldb file to use
+# this mechanism. ( See notes below. )
#
# PLEASE NOTE
# For production messaging systems, a high-security mechanism such as
-# DIGEST-MD5 or PLAIN+SSL should be enabled.
+# DIGEST-MD5 or PLAIN+SSL should be used.
#
#
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
-mech_list: ANONYMOUS
+mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
#---------------------------------
-# Other Notes
+# Please Note
#---------------------------------
#
# 1. If you use a nonstandard location for your sasl_config directory,
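Review bot: The new default `mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN` offers PLAIN and ANONYMOUS on every connection, so a broker installed with this file unchanged accepts cleartext passwords over non-TLS transports and also accepts unauthenticated clients, even though the comment added above says PLAIN is normally used only with SSL. Nothing in this file ties PLAIN to an encrypted transport, and since SASL mechanism negotiation is not integrity-protected without TLS, advertising PLAIN next to DIGEST-MD5 may allow a client to be steered to the weaker mechanism. I would ship the stricter `mech_list: DIGEST-MD5 EXTERNAL` and document ANONYMOUS and PLAIN as opt-in. At minimum, put a comment directly above the line, for example `# Remove ANONYMOUS to require authentication; keep PLAIN only if the broker listens solely on SSL/TLS ports`. The "PLEASE NOTE" paragraph would also read more accurately if it said the default list is not the production recommendation.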
@@ -60,15 +58,19 @@ mech_list: ANONYMOUS
# /var/lib/qpidd/qpidd.sasldb
#
# 3. You can see what usernames have been stored in the sasldb, with the
-# sasldblistusers2 command.
+# command "sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb"
#
# 4. The REALM is important and should be the same as the --realm
# option to the broker. This lets the broker properly find the user in
# the sasldb file.
#
# 5. The sasldb file must be readable by the user running the qpidd
-# daemon, and should be readable only by that user.
+# daemon, ( the user name is qpidd ) and should be readable only
+# by that user.
#
+# 6. The EXTERNAL mechanism allows you to use SSL transport layer
+# security. In that case, you can also set the broker option
+# --ssl-require-client-authentication .