# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # #--------------------------------- # Mechanisms and Users #--------------------------------- # # This default qpidd configuration allows for only SASL ANONYMOUS authentication. # To additionally enable DIGEST-MD5 authentication: # # 1. edit the mech_list below to read # mech_list: DIGEST-MD5 ANONYMOUS # # 2. To add new a new user+password to the sasldb file: # echo $PASSWD | saslpasswd2 -c -p -f $SASLTEST_DB -u QPID $USERNAME # # # PLEASE NOTE # For production messaging systems, a high-security mechanism such as # DIGEST-MD5 or PLAIN+SSL should be enabled. # # pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: /var/lib/qpidd/qpidd.sasldb mech_list: ANONYMOUS #--------------------------------- # Other Notes #--------------------------------- # # 1. If you use a nonstandard location for your sasl_config directory, # you can point qpidd to it by using the --sasl-config option. # If your nonstandard sasl directory is $MY_SASL_DIR, put a copy # of this file at $MY_SASL_DIR/qpidd.conf, alter the mech list as # appropriate for your installation, and then use the saslpasswd2 # command to add new user+passwd pairs: # echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qpidd.sasldb -u QPID $USERNAME # # # 2. The standard location for the qpidd sasldb file is # /var/lib/qpidd/qpidd.sasldb # # 3. You can see what usernames have been stored in the sasldb, with the # sasldblistusers2 command. # # 4. The REALM is important and should be the same as the --realm # option to the broker. This lets the broker properly find the user in # the sasldb file. # # 5. The sasldb file must be readable by the user running the qpidd # daemon, and should be readable only by that user. # # The following line stops spurious 'sql_select option missing' errors when # cyrus-sql-sasl plugin is installed sql_select: dummy select