Red Hat Bugzilla – Bug 877469
sasl mech list overhaul documentation
Last modified: 2015-11-15 20:14:27 EST
Description of problem:
Bug 846465 changes has to be incorporated into Messaging_Installation_and_Configuration_Guide -> Simple Authentication and Security Layer chapters.
- Configure Kerberos 5 subchapter has to explicitly guide customers to edit /etc/sasl2/qpidd.conf for enabling GSSAPI auth. method.
- Configure SASL using a Local Password File has to briefly discuss the possibility of narrowing default SASL authentication mechanisms
'ANONYMOUS, DIGEST-MD5, EXTERNAL, PLAIN' in /etc/sasl2/qpidd.conf
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. grep /etc/sasl2/qpidd.conf <doc>
No info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms.
Info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms available in Messaging_Installation_and_Configuration_Guide.
1. If I read this note correctly: https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI auth is not needed. There is no note visible to me in the commit at http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=4e100d741071cf6273c45b396cba5a31a5ede645
2. I've added a section "SASL Mechanisms" about narrowing SASL auth mechanisms.
(I am having trouble with brew at the moment, so please check it at this URL)
(In reply to comment #2)
> 1. If I read this note correctly:
> https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI
> auth is not needed. There is no note visible to me in the commit at
8.1.6. Configure Kerberos 5 chapter does not refer to /etc/sasl2/qpidd.conf file but should as current release will be the first one which comes with specific mech_list which results in necessity of adding GSSAPI into etc/sasl2/qpidd.conf's mech_list. Simply, steps in 8.1.6. are not complete since current release.
See more here:
bug 846465 comment 9
bug 846465 doc-text
> 2. I've added a section "SASL Mechanisms" about narrowing SASL auth
I'm fine with the proposed content here.
-> ASSIGNED (re 1.)
I approve the changes.
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/