The default value for the sasl-mech-list configuration parameter allows Cumin to use "all available SASL mechanisms" for authentication to the broker. The MCIG advises users to set this value manually to disallow ANONYMOUS authentication from Cumin, thereby ensuring full operability.
Having to set the sasl-mech-list configuration parameter manually adds an extra step during setup.
Setting this value automatically would cover most use cases, eliminate the extra step, and ease maintenance.
The default value for sasl-mech-list has been changed. For broker addresses which specify user/password in the URL (known as "credentials"), sasl-mech-list will be set to the list of recommended password authentication mechanisms for Cumin (currently PLAIN and DIGEST-MD5). For broker addresses which do not contain credentials, sasl-mech-list will be set to ANONYMOUS. The old default behavior of allowing "all available mechanisms" may be chosen by setting sasl-mech-list to AVAILABLE.
These changes automatically handle most configurations. Existing installations that set a sasl-mech-list value explicitly will continue to use that value. Installations that use the old default value and really intend to allow "all available mechanisms" may set the sasl-mech-list value to AVAILABLE to retain current behavior.
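The selection rule described above can be checked against a list of broker addresses before an upgrade. The following is an added example, not Cumin's own code: the function names, the address shape ([scheme://][user/password@]host[:port]), the space-separated form of an explicit sasl-mech-list value and the sample addresses are assumptions made for illustration.

```python
# Added illustration, not Cumin's source code.
import re

PASSWORD_MECHS = ["PLAIN", "DIGEST-MD5"]  # recommended list named in the text

def split_address(broker):
    """Return (credentials, host) for [scheme://][user/password@]host[:port].
    The address shape is an assumption made for this example."""
    rest = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", broker.strip())
    cred, at, host = rest.rpartition("@")
    if not host:
        raise ValueError("broker address has no host part")
    return (cred if at else ""), host

def effective_mechs(broker, sasl_mech_list=None):
    """Mechanisms used for one broker; sasl_mech_list is None when unset."""
    if sasl_mech_list and sasl_mech_list.strip():
        # An explicit value always wins, including AVAILABLE (old default).
        return sasl_mech_list.upper().split()  # space-separated: assumption
    cred, _host = split_address(broker)
    return list(PASSWORD_MECHS) if cred else ["ANONYMOUS"]

def audit(brokers, sasl_mech_list=None):
    """Return (host, mechs, anonymous_possible) per broker, no secrets."""
    report = []
    for broker in brokers:
        _cred, host = split_address(broker)
        mechs = effective_mechs(broker, sasl_mech_list)
        # AVAILABLE means "all available mechanisms", so ANONYMOUS is not ruled out.
        anon = "ANONYMOUS" in mechs or "AVAILABLE" in mechs
        report.append((host, mechs, anon))
    return report

# Constructed sample addresses.
SAMPLE = ["amqp://cumin/secret@broker1.example.com:5672", "localhost:5672"]

if __name__ == "__main__":
    for setting in (None, "AVAILABLE", "PLAIN"):
        for host, mechs, anon in audit(SAMPLE, setting):
            print("%-10s %-26s %-18s anonymous_possible=%s"
                  % (setting, host, " ".join(mechs), anon))
```

The report lists only the host part of each address, so it can be shared without exposing the broker password.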