Red Hat Bugzilla – Bug 851136
[RFE] QPID cluster GSSAPI
Last modified: 2015-09-07 01:47:29 EDT
Description of problem:
Starting clustered brokers with GSSAPI authentication for the cluster requires specifying --cluster-username <username>; at the same time, <username> should have a valid krb5 ticket issued (which usually expires after a few hours).
The Krb5 admin guide suggests all services should use a keytab file whenever authentication is required. Every qpidd already uses its principal <SERVICE_NAME>/<FQDN>@<REALM> from the keytab file to talk to the KDC service. Why not when joining the cluster?