diff options
Diffstat (limited to 'qpid/cpp/etc/sasl2/qpidd.conf')
-rw-r--r-- | qpid/cpp/etc/sasl2/qpidd.conf | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/qpid/cpp/etc/sasl2/qpidd.conf b/qpid/cpp/etc/sasl2/qpidd.conf new file mode 100644 index 0000000000..3d13a6d650 --- /dev/null +++ b/qpid/cpp/etc/sasl2/qpidd.conf @@ -0,0 +1,82 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# +#--------------------------------- +# SASL Mechanisms and Users +#--------------------------------- +# +# This default mech list allows for PLAIN, but that +# mechanism sends credentials in the clear, and is normally +# only used along with SSL transport-layer security. +# +# This default also permits DIGEST-MD5, but you must have +# a user and password defined in your sasldb file to use +# this mechanism. ( See notes below. ) +# +# PLEASE NOTE +# For production messaging systems, a high-security mechanism such as +# DIGEST-MD5 or PLAIN+SSL should be used. +# +# +pwcheck_method: auxprop +auxprop_plugin: sasldb +sasldb_path: /var/lib/qpidd/qpidd.sasldb +mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN + + + +#--------------------------------- +# Please Note +#--------------------------------- +# +# 1. If you use a nonstandard location for your sasl_config directory, +# you can point qpidd to it by using the --sasl-config option. +# If your nonstandard sasl directory is $MY_SASL_DIR, put a copy +# of this file at $MY_SASL_DIR/qpidd.conf, alter the mech list as +# appropriate for your installation, and then use the saslpasswd2 +# command to add new user+passwd pairs: +# echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qpidd.sasldb -u QPID $USERNAME +# +# +# 2. The standard location for the qpidd sasldb file is +# /var/lib/qpidd/qpidd.sasldb +# +# 3. You can see what usernames have been stored in the sasldb, with the +# command "sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb" +# +# 4. The REALM is important and should be the same as the --realm +# option to the broker. This lets the broker properly find the user in +# the sasldb file. +# +# 5. The sasldb file must be readable by the user running the qpidd +# daemon, ( the user name is qpidd ) and should be readable only +# by that user. +# +# 6. The EXTERNAL mechanism allows you to use SSL transport layer +# security. In that case, you can also set the broker option +# --ssl-require-client-authentication . + + + +# The following line stops spurious 'sql_select option missing' errors when +# cyrus-sql-sasl plugin is installed +sql_select: dummy select + + + |