Description of problem: Bug 846465 changes has to be incorporated into Messaging_Installation_and_Configuration_Guide -> Simple Authentication and Security Layer chapters. Especially - Configure Kerberos 5 subchapter has to explicitly guide customers to edit /etc/sasl2/qpidd.conf for enabling GSSAPI auth. method. - Configure SASL using a Local Password File has to briefly discuss the possibility of narrowing default SASL authentication mechanisms 'ANONYMOUS, DIGEST-MD5, EXTERNAL, PLAIN' in /etc/sasl2/qpidd.conf Version-Release number of selected component (if applicable): Messaging_Installation_and_Configuration_Guide 2.2* How reproducible: N/A Steps to Reproduce: 1. grep /etc/sasl2/qpidd.conf <doc> Actual results: No info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms. Expected results: Info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms available in Messaging_Installation_and_Configuration_Guide.
1. If I read this note correctly: https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI auth is not needed. There is no note visible to me in the commit at http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=4e100d741071cf6273c45b396cba5a31a5ede645 2. I've added a section "SASL Mechanisms" about narrowing SASL auth mechanisms. http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms (I am having trouble with brew at the moment, so please check it at this URL)
(In reply to comment #2) > 1. If I read this note correctly: > https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI > auth is not needed. There is no note visible to me in the commit at > http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit; > h=4e100d741071cf6273c45b396cba5a31a5ede645 > 8.1.6. Configure Kerberos 5 chapter does not refer to /etc/sasl2/qpidd.conf file but should as current release will be the first one which comes with specific mech_list which results in necessity of adding GSSAPI into etc/sasl2/qpidd.conf's mech_list. Simply, steps in 8.1.6. are not complete since current release. See more here: bug 846465 comment 9 bug 846465 doc-text http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=a9e14439f7576fbc2ed9b49018a19781b170c404 > > > 2. I've added a section "SASL Mechanisms" about narrowing SASL auth > mechanisms. > > http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms > I'm fine with the proposed content here. -> ASSIGNED (re 1.)
http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Messaging_Installation_and_Configuration_Guide/chap-Security.html#Configure_Kerberos_5
I approve the changes. -> VERIFIED
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/