Bug 585853

Summary: documentation: python kerberos client authentication requirements
Product: Red Hat Enterprise MRG Reporter: Frantisek Reznicek <freznice>
Component: Messaging_Programming_ReferenceAssignee: Alison Young <alyoung>
Status: CLOSED CURRENTRELEASE QA Contact: Petra Svobodová <psvobodo>
Severity: medium Docs Contact:
Priority: medium    
Version: DevelopmentCC: esammons, gsim, iboverma, jneedle, lbrindle, psvobodo
Target Milestone: 2.0Keywords: Documentation
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-24 02:00:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 660526, 660531    

Description Frantisek Reznicek 2010-04-26 09:04:52 UTC 
Description of problem:

It is necessary to document all requirements needed for successfull SASL GSSAPI authentication.
There is no qpid python client kerberos authentication documentation.

Starting from packages needed (python-qpid, saslwrapper, python-saslwrapper), ending in snippet of code, for instance:
https://bugzilla.redhat.com/show_bug.cgi?id=581807#c6

Version-Release number of selected component (if applicable):
N/A

How reproducible:
100%

Steps to Reproduce:
1. no python kerberos authentication documentation.
  
Actual results:
No qpid python client kerberos authentication documentation.

Expected results:
There should be qpid python client kerberos authentication documentation.

Additional info:
Comment 2 Lana Brindley 2011-02-03 00:09:42 UTC 
Gordon,

Can you please provide further information for documentation?

LKB
Comment 3 Gordon Sim 2011-03-02 17:46:05 UTC 
In section 10.1 add:

 "To use SASL from the python client, you need to install the python-saslwrapper rpm (and its dependency saslwrapper)."

There is no specific code required for GSSAPI anymore with the messaging API in python. After a kinit spout and drain should work providing you use the proper FQDN for the broker. This latter point is the same for all clients and would certainly be worth a note. E.g. in 10.1.2 something like:

 "Note: when using GSSAPI clients must specify the fully qualified domain name for the broker they are connecting to, which corresponds to the principal created for the qpidd service on that host." 

There is of course the ability to restrict the sasl mechanisms used on the client. That is documented in the programming guide.
Comment 4 Alison Young 2011-03-06 22:46:06 UTC 
Thanks Gordon.
Comment 6 Petra Svobodová 2011-06-09 12:40:11 UTC 
Requirements needed for successful SASL GSSAPI authentication were added into the Messaging User Guide 2.0 (chapter 10.1).

--> VERIFIED