Red Hat Bugzilla – Bug 585853
documentation: python kerberos client authentication requirements
Last modified: 2015-11-15 20:12:16 EST
Description of problem:
It is necessary to document all requirements needed for successfull SASL GSSAPI authentication.
There is no qpid python client kerberos authentication documentation.
Starting from packages needed (python-qpid, saslwrapper, python-saslwrapper), ending in snippet of code, for instance:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. no python kerberos authentication documentation.
No qpid python client kerberos authentication documentation.
There should be qpid python client kerberos authentication documentation.
Can you please provide further information for documentation?
In section 10.1 add:
"To use SASL from the python client, you need to install the python-saslwrapper rpm (and its dependency saslwrapper)."
There is no specific code required for GSSAPI anymore with the messaging API in python. After a kinit spout and drain should work providing you use the proper FQDN for the broker. This latter point is the same for all clients and would certainly be worth a note. E.g. in 10.1.2 something like:
"Note: when using GSSAPI clients must specify the fully qualified domain name for the broker they are connecting to, which corresponds to the principal created for the qpidd service on that host."
There is of course the ability to restrict the sasl mechanisms used on the client. That is documented in the programming guide.
Requirements needed for successful SASL GSSAPI authentication were added into the Messaging User Guide 2.0 (chapter 10.1).