Bug 851136

Summary: [RFE] QPID cluster GSSAPI
Product: Red Hat Enterprise MRG Reporter: ppecka <ppecka>
Component: qpid-cpp Assignee: messaging-bugs <messaging-bugs>
Status: NEW --- QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: unspecified Docs Contact:
Priority: low    
Version: 2.2 CC: jross
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Last Closed: Type: Bug

Description ppecka 2012-08-23 10:26:56 UTC
Description of problem:
Starting clustered brokers with GSSAPI authentication for the cluster requires specifying --cluster-username <username>; at the same time, <username> should have a valid krb5 ticket issued (which usually expires after a few hours).
The Krb5 admin guide suggests all services should use a keytab file whenever authentication is required. Every qpidd already uses its principal <SERVICE_NAME>/<FQDN>@<REALM> from the keytab file to talk to the KDC service. Why not when joining the cluster?


Version:
mrg-2.1.2