Diffstat (limited to 'qpid/cpp/etc/sasl2/qpidd.conf')
-rw-r--r--qpid/cpp/etc/sasl2/qpidd.conf82
1 files changed, 82 insertions, 0 deletions
diff --git a/qpid/cpp/etc/sasl2/qpidd.conf b/qpid/cpp/etc/sasl2/qpidd.conf
new file mode 100644
index 0000000000..3d13a6d650
--- /dev/null
+++ b/qpid/cpp/etc/sasl2/qpidd.conf
@@ -0,0 +1,82 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#---------------------------------
+# SASL Mechanisms and Users
+#---------------------------------
+#
+# This default mech list allows for PLAIN, but that
+# mechanism sends credentials in the clear, and is normally
+# only used along with SSL transport-layer security.
+#
+# This default also permits DIGEST-MD5, but you must have
+# a user and password defined in your sasldb file to use
+# this mechanism. ( See notes below. )
+#
+# PLEASE NOTE
+# For production messaging systems, a high-security mechanism such as
+# DIGEST-MD5 or PLAIN+SSL should be used.
+#
+#
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+sasldb_path: /var/lib/qpidd/qpidd.sasldb
+mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
+
+
+
+#---------------------------------
+# Please Note
+#---------------------------------
+#
+# 1. If you use a nonstandard location for your sasl_config directory,
+# you can point qpidd to it by using the --sasl-config option.
+# If your nonstandard sasl directory is $MY_SASL_DIR, put a copy
+# of this file at $MY_SASL_DIR/qpidd.conf, alter the mech list as
+# appropriate for your installation, and then use the saslpasswd2
+# command to add new user+passwd pairs:
+# echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qpidd.sasldb -u QPID $USERNAME
+#
+#
+# 2. The standard location for the qpidd sasldb file is
+# /var/lib/qpidd/qpidd.sasldb
+#
+# 3. You can see what usernames have been stored in the sasldb, with the
+# command "sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb"
+#
+# 4. The REALM is important and should be the same as the --realm
+# option to the broker. This lets the broker properly find the user in
+# the sasldb file.
+#
+# 5. The sasldb file must be readable by the user running the qpidd
+# daemon, ( the user name is qpidd ) and should be readable only
+# by that user.
+#
+# 6. The EXTERNAL mechanism allows you to use SSL transport layer
+# security. In that case, you can also set the broker option
+# --ssl-require-client-authentication .
+
+
+
+# The following line stops spurious 'sql_select option missing' errors when
+# cyrus-sql-sasl plugin is installed
+sql_select: dummy select
+
+
+
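Review bot: The default `mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN` enables ANONYMOUS, but the comment block above it explains only PLAIN and DIGEST-MD5, so nothing tells an operator that the shipped default accepts clients that present no credentials. I would add a line next to the mechanism notes such as `# ANONYMOUS lets clients connect without credentials; remove it from mech_list for production.` and consider dropping ANONYMOUS from the default list. How the broker maps anonymous sessions to permissions is not visible in this file, so that part needs confirming against the broker's auth and ACL settings. The "PLEASE NOTE" text also calls DIGEST-MD5 a high-security mechanism; it was moved to Historic by RFC 6331, so the wording should steer readers to running the mechanisms over SSL/TLS rather than to DIGEST-MD5 on its own. Since PLAIN is offered unconditionally here, the note on PLAIN could say that the broker must be configured to require encrypted transport, because nothing in this file enforces it.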