Bug 877469 - sasl mech list overhaul documentation
Summary: sasl mech list overhaul documentation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Installation_and_Configuration_Guide
Version: 2.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: 2.3
: ---
Assignee: Joshua Wulf
QA Contact: Frantisek Reznicek
URL:
Whiteboard:
Depends On:
Blocks: 846465
TreeView+ depends on / blocked
 
Reported: 2012-11-16 15:49 UTC by Frantisek Reznicek
Modified: 2015-11-16 01:14 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-13 23:59:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Frantisek Reznicek 2012-11-16 15:49:31 UTC 
Description of problem:

Bug 846465 changes has to be incorporated into Messaging_Installation_and_Configuration_Guide -> Simple Authentication and Security Layer chapters.

Especially 
- Configure Kerberos 5 subchapter has to explicitly guide customers to edit /etc/sasl2/qpidd.conf for enabling GSSAPI auth. method.
- Configure SASL using a Local Password File has to briefly discuss the possibility of narrowing default SASL authentication mechanisms
 'ANONYMOUS, DIGEST-MD5, EXTERNAL, PLAIN' in /etc/sasl2/qpidd.conf


Version-Release number of selected component (if applicable):
Messaging_Installation_and_Configuration_Guide 2.2*

How reproducible:
N/A

Steps to Reproduce:
1. grep /etc/sasl2/qpidd.conf <doc>
  
Actual results:
No info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms.

Expected results:
Info about how to enable GSSAPI / narrow qpidd SASL authentication mechanisms available in Messaging_Installation_and_Configuration_Guide.
Comment 2 Joshua Wulf 2013-02-11 16:59:48 UTC 
1. If I read this note correctly: https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI auth is not needed. There is no note visible to me in the commit at http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=4e100d741071cf6273c45b396cba5a31a5ede645



2. I've added a section "SASL Mechanisms" about narrowing SASL auth mechanisms.

http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms

(I am having trouble with brew at the moment, so please check it at this URL)
Comment 3 Frantisek Reznicek 2013-02-12 10:32:39 UTC 
(In reply to comment #2)
> 1. If I read this note correctly:
> https://bugzilla.redhat.com/show_bug.cgi?id=846465#c2 then enabling GSSAPI
> auth is not needed. There is no note visible to me in the commit at
> http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;
> h=4e100d741071cf6273c45b396cba5a31a5ede645
> 

8.1.6. Configure Kerberos 5 chapter does not refer to /etc/sasl2/qpidd.conf file but should as current release will be the first one which comes with specific mech_list which results in necessity of adding GSSAPI into etc/sasl2/qpidd.conf's mech_list. Simply, steps in 8.1.6. are not complete since current release.

See more here:
  bug 846465 comment 9
  bug 846465 doc-text
  http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commit;h=a9e14439f7576fbc2ed9b49018a19781b170c404

> 
> 
> 2. I've added a section "SASL Mechanisms" about narrowing SASL auth
> mechanisms.
> 
> http://deathstar1.usersys.redhat.com/MCIG/index.html#SASL_Mechanisms
> 

I'm fine with the proposed content here.

-> ASSIGNED (re 1.)
Comment 4 Joshua Wulf 2013-02-18 04:53:17 UTC 
http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Messaging_Installation_and_Configuration_Guide/chap-Security.html#Configure_Kerberos_5
Comment 5 Frantisek Reznicek 2013-02-18 08:57:03 UTC 
I approve the changes.

-> VERIFIED
Comment 6 Cheryn Tan 2013-03-13 23:59:22 UTC 
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/
Note You need to log in before you can comment on or make changes to this bug.