This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours

Bug 877469

Summary: sasl mech list overhaul documentation
Product: Red Hat Enterprise MRG Reporter: Frantisek Reznicek <freznice>
Component: Messaging_Installation_and_Configuration_GuideAssignee: Joshua Wulf <jwulf>
Status: CLOSED CURRENTRELEASE QA Contact: Frantisek Reznicek <freznice>
Severity: high Docs Contact:
Priority: high    
Version: 2.2CC: chetan, esammons, iboverma, lcarlon, lzhaldyb
Target Milestone: 2.3   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-13 19:59:22 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 846465    

Description Frantisek Reznicek 2012-11-16 10:49:31 EST
Description of problem:

Bug 846465 changes has to be incorporated into Messaging_Installation_and_Configuration_Guide -> Simple Authentication and Security Layer chapters.

Especially 
- Configure Kerberos 5 subchapter has to explicitly guide customers to edit /etc/sasl2/qpidd.conf for enabling GSSAPI auth. method.
- Configure SASL using a Local Password File has to briefly discuss the possibility of narrowing default SASL authentication mechanisms
 'ANONYMOUS, DIGEST-MD5, EXTERNAL, PLAIN' in /etc/sasl2/qpidd.conf


Version-Release number of selected component (if applicable):
Messaging_Installation_and_Configuration_Guide 2.2*

How reproducible:
N/A

Steps to Reproduce:
1. grep /etc/sasl2/qpidd.conf <doc>
  
Actual results:
No info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms.

Expected results:
Info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms available in Messaging_Installation_and_Configuration_Guide.
Comment 2 Joshua Wulf 2013-02-11 11:59:48 EST
1. If I read this note correctly: https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI auth is not needed. There is no note visible to me in the commit at http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=4e100d741071cf6273c45b396cba5a31a5ede645



2. I've added a section "SASL Mechanisms" about narrowing SASL auth mechanisms.

http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms

(I am having trouble with brew at the moment, so please check it at this URL)
Comment 3 Frantisek Reznicek 2013-02-12 05:32:39 EST
(In reply to comment #2)
> 1. If I read this note correctly:
> https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI
> auth is not needed. There is no note visible to me in the commit at
> http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;
> h=4e100d741071cf6273c45b396cba5a31a5ede645
> 

8.1.6. Configure Kerberos 5 chapter does not refer to /etc/sasl2/qpidd.conf file but should as current release will be the first one which comes with specific mech_list which results in necessity of adding GSSAPI into etc/sasl2/qpidd.conf's mech_list. Simply, steps in 8.1.6. are not complete since current release.

See more here:
  bug 846465 comment 9
  bug 846465 doc-text
  http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=a9e14439f7576fbc2ed9b49018a19781b170c404

> 
> 
> 2. I've added a section "SASL Mechanisms" about narrowing SASL auth
> mechanisms.
> 
> http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms
> 

I'm fine with the proposed content here.

-> ASSIGNED (re 1.)
Comment 5 Frantisek Reznicek 2013-02-18 03:57:03 EST
I approve the changes.

-> VERIFIED
Comment 6 Cheryn Tan 2013-03-13 19:59:22 EDT
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/