Bug 585853 - documentation: python kerberos client authentication requirements
Summary: documentation: python kerberos client authentication requirements
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Programming_Reference
Version: Development
Hardware: All
OS: Linux
Target Milestone: 2.0
: ---
Assignee: Alison Young
QA Contact: Petra Svobodová
Depends On:
Blocks: 660526 660531
TreeView+ depends on / blocked
Reported: 2010-04-26 09:04 UTC by Frantisek Reznicek
Modified: 2015-11-16 01:12 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-06-24 02:00:55 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Frantisek Reznicek 2010-04-26 09:04:52 UTC
Description of problem:

It is necessary to document all requirements needed for successfull SASL GSSAPI authentication.
There is no qpid python client kerberos authentication documentation.

Starting from packages needed (python-qpid, saslwrapper, python-saslwrapper), ending in snippet of code, for instance:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. no python kerberos authentication documentation.
Actual results:
No qpid python client kerberos authentication documentation.

Expected results:
There should be qpid python client kerberos authentication documentation.

Additional info:

Comment 2 Lana Brindley 2011-02-03 00:09:42 UTC

Can you please provide further information for documentation?


Comment 3 Gordon Sim 2011-03-02 17:46:05 UTC
In section 10.1 add:

 "To use SASL from the python client, you need to install the python-saslwrapper rpm (and its dependency saslwrapper)."

There is no specific code required for GSSAPI anymore with the messaging API in python. After a kinit spout and drain should work providing you use the proper FQDN for the broker. This latter point is the same for all clients and would certainly be worth a note. E.g. in 10.1.2 something like:

 "Note: when using GSSAPI clients must specify the fully qualified domain name for the broker they are connecting to, which corresponds to the principal created for the qpidd service on that host." 

There is of course the ability to restrict the sasl mechanisms used on the client. That is documented in the programming guide.

Comment 4 Alison Young 2011-03-06 22:46:06 UTC
Thanks Gordon.

Comment 6 Petra Svobodová 2011-06-09 12:40:11 UTC
Requirements needed for successful SASL GSSAPI authentication were added into the Messaging User Guide 2.0 (chapter 10.1).


Note You need to log in before you can comment on or make changes to this bug.