Bug 585853 - documentation: python kerberos client authentication requirements
documentation: python kerberos client authentication requirements
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Programming_Reference (Show other bugs)
All Linux
medium Severity medium
: 2.0
: ---
Assigned To: Alison Young
Petra Svobodová
: Documentation
Depends On:
Blocks: 660526 660531
  Show dependency treegraph
Reported: 2010-04-26 05:04 EDT by Frantisek Reznicek
Modified: 2015-11-15 20:12 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-06-23 22:00:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frantisek Reznicek 2010-04-26 05:04:52 EDT
Description of problem:

It is necessary to document all requirements needed for successfull SASL GSSAPI authentication.
There is no qpid python client kerberos authentication documentation.

Starting from packages needed (python-qpid, saslwrapper, python-saslwrapper), ending in snippet of code, for instance:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. no python kerberos authentication documentation.
Actual results:
No qpid python client kerberos authentication documentation.

Expected results:
There should be qpid python client kerberos authentication documentation.

Additional info:
Comment 2 Lana Brindley 2011-02-02 19:09:42 EST

Can you please provide further information for documentation?

Comment 3 Gordon Sim 2011-03-02 12:46:05 EST
In section 10.1 add:

 "To use SASL from the python client, you need to install the python-saslwrapper rpm (and its dependency saslwrapper)."

There is no specific code required for GSSAPI anymore with the messaging API in python. After a kinit spout and drain should work providing you use the proper FQDN for the broker. This latter point is the same for all clients and would certainly be worth a note. E.g. in 10.1.2 something like:

 "Note: when using GSSAPI clients must specify the fully qualified domain name for the broker they are connecting to, which corresponds to the principal created for the qpidd service on that host." 

There is of course the ability to restrict the sasl mechanisms used on the client. That is documented in the programming guide.
Comment 4 Alison Young 2011-03-06 17:46:06 EST
Thanks Gordon.
Comment 6 Petra Svobodová 2011-06-09 08:40:11 EDT
Requirements needed for successful SASL GSSAPI authentication were added into the Messaging User Guide 2.0 (chapter 10.1).


Note You need to log in before you can comment on or make changes to this bug.