Bug 1005243

Summary: newHA with auth=yes has to specifically allow link creation in ACLs
Product: Red Hat Enterprise MRG
Component: Messaging_Installation_and_Configuration_Guide
Reporter: Pavel Moravec <pmoravec>
Assignee: Jared MORGAN <jmorgan>
QA Contact: Eric Sammons <esammons>
CC: esammons, mmurray
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Version: 3.0
Target Milestone: 3.0
Hardware: All
OS: All
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-01-22 15:27:21 UTC

Description Pavel Moravec 2013-09-06 13:52:58 UTC
Description of problem:
Due to QPID-4631 / bz851355 (see e.g. "Doc Text" there), federation links are disallowed by default with auth=yes. That brings a problem for newHA that relies on federation.

Therefore it is required to document that when newHA is used with authentication, ACLs have to specifically allow link creation like:

acl allow <ha-username> create link


Version-Release number of selected component (if applicable):
doc for MRG-M 3.0


How reproducible:
n.a. (doc issue)


Steps to Reproduce:
to reproduce the _problem_ with auth=yes and no ACL:

1) configure 2 brokers in newHA cluster with /etc/qpid/qpidd.conf:

log-to-file=/tmp/qpidd.log
ha-replicate=all
ha-cluster=yes
ha-brokers-url=node1,node2
auth=yes
ha-username=guest
ha-password=guest
ha-mechanism=PLAIN
trace=yes

2) start first broker and "qpid-ha promote" it
3) try to start 2nd broker


Actual results:
2nd broker startup fails with:

warning Client closed connection with 320: User guest@QPID federation connection denied. Systems with authentication enabled must specify ACL create link rules. (/root/rpmbuild/BUILD/qpid-0.22/cpp/src/qpid/broker/ConnectionHandler.cpp:214)


Expected results:
User reads in MICG that ACLs need to be set up:)


Additional info:

Comment 2 Leonid Zhaldybin 2014-01-08 09:43:54 UTC
The ACL configuration necessary for the new HA is documented properly.