Bug 877469 - sasl mech list overhaul documentation
sasl mech list overhaul documentation
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Installation_and_Configuration_Guide (Show other bugs)
2.2
Unspecified Unspecified
high Severity high
: 2.3
: ---
Assigned To: Joshua Wulf
Frantisek Reznicek
:
Depends On:
Blocks: 846465
  Show dependency treegraph
 
Reported: 2012-11-16 10:49 EST by Frantisek Reznicek
Modified: 2015-11-15 20:14 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-13 19:59:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Frantisek Reznicek 2012-11-16 10:49:31 EST
Description of problem:

Bug 846465 changes has to be incorporated into Messaging_Installation_and_Configuration_Guide -> Simple Authentication and Security Layer chapters.

Especially 
- Configure Kerberos 5 subchapter has to explicitly guide customers to edit /etc/sasl2/qpidd.conf for enabling GSSAPI auth. method.
- Configure SASL using a Local Password File has to briefly discuss the possibility of narrowing default SASL authentication mechanisms
 'ANONYMOUS, DIGEST-MD5, EXTERNAL, PLAIN' in /etc/sasl2/qpidd.conf


Version-Release number of selected component (if applicable):
Messaging_Installation_and_Configuration_Guide 2.2*

How reproducible:
N/A

Steps to Reproduce:
1. grep /etc/sasl2/qpidd.conf <doc>
  
Actual results:
No info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms.

Expected results:
Info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms available in Messaging_Installation_and_Configuration_Guide.
Comment 2 Joshua Wulf 2013-02-11 11:59:48 EST
1. If I read this note correctly: https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI auth is not needed. There is no note visible to me in the commit at http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=4e100d741071cf6273c45b396cba5a31a5ede645



2. I've added a section "SASL Mechanisms" about narrowing SASL auth mechanisms.

http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms

(I am having trouble with brew at the moment, so please check it at this URL)
Comment 3 Frantisek Reznicek 2013-02-12 05:32:39 EST
(In reply to comment #2)
> 1. If I read this note correctly:
> https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI
> auth is not needed. There is no note visible to me in the commit at
> http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;
> h=4e100d741071cf6273c45b396cba5a31a5ede645
> 

8.1.6. Configure Kerberos 5 chapter does not refer to /etc/sasl2/qpidd.conf file but should as current release will be the first one which comes with specific mech_list which results in necessity of adding GSSAPI into etc/sasl2/qpidd.conf's mech_list. Simply, steps in 8.1.6. are not complete since current release.

See more here:
  bug 846465 comment 9
  bug 846465 doc-text
  http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=a9e14439f7576fbc2ed9b49018a19781b170c404

> 
> 
> 2. I've added a section "SASL Mechanisms" about narrowing SASL auth
> mechanisms.
> 
> http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms
> 

I'm fine with the proposed content here.

-> ASSIGNED (re 1.)
Comment 5 Frantisek Reznicek 2013-02-18 03:57:03 EST
I approve the changes.

-> VERIFIED
Comment 6 Cheryn Tan 2013-03-13 19:59:22 EDT
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/

Note You need to log in before you can comment on or make changes to this bug.