Bug 851136 - [RFE] QPID cluster GSSAPI
[RFE] QPID cluster GSSAPI
Status: NEW
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
2.2
Unspecified Unspecified
low Severity unspecified
: ---
: ---
Assigned To: messaging-bugs
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-23 06:26 EDT by ppecka
Modified: 2015-09-07 01:47 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ppecka 2012-08-23 06:26:56 EDT
Description of problem:
Starting clustered brokers with GSSAPI authentication for cluster requires to specify --cluster-username <username> at the same time  <username> should have valid krb5 ticket issued (which usually expires after few hours).
Krb5 admin guide suggests all services should use keytab file whenever authentication is required. Every qpidd already uses its principal <SERVICE_NAME>/<FQDN>@<REALM> from keytab file to talk to KDC service. Why not when joining cluster?


Version:
mrg-2.1.2

Note You need to log in before you can comment on or make changes to this bug.