[
https://issues.apache.org/jira/browse/AMQ-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14237118#comment-14237118
]
Piotr Klimczak edited comment on AMQ-4693 at 12/7/14 12:10 PM:
---------------------------------------------------------------
Hi Ryan!
Thanks for feedback!
As this solution is built on top of RFC2712, it is using TCP and SSL protocol
with Kerberos tokens handshake.
As failover works for plain SSL, then it should work for Kerberos too I believe.
I have performed some tests:
1. Amended org.apache.activemq.network.NetworkFailoverTest to use krb5 protocol
instead of tcp- PASSING
2. Crafted my own test with broker1 is starting, connecting 3 consumers with
failover protocol, broker1 stopping, starting broker2, sending 3 messagaes. As
a result consumers are reconnecting from broker1 to broker2 and consuming
messages properly.
Do you remember what exactly failed in your scenario?
Haven't tested it yet on 2 different machines. Do you remember whether your
problem occurs when testing failover on one machine?
What I haven't tested yet is token expiration and renewal, which might cause
the problem you described above. Will try to test it soon and will be back with
results.
I am not keen in Kerberos, so any help is welcome :)
Thanks in advance for feedback.
Piotr Klimczak
was (Author: nannou9):
Hi Ryan!
Thanks for feedback!
As this solution is built on top of RFC2712, it is using TCP and SSL protocol
with Kerberos tokens handshake.
As failover works for plain SSL, then it should work for Kerberos too I believe.
I have performed some tests:
1. Amended org.apache.activemq.network.NetworkFailoverTest to use krb5 protocol
instead of tcp- PASSING
2. Crafted my own test with broker1 is starting, connecting 3 consumers with
failover protocol, broker1 stopping, starting broker2, sending 3 messagaes. As
a result consumers are reconnecting from broker1 to broker2 and consuming
messages properly.
Do you remember what exactly failed in your scenario?
Haven't tested it yet on 2 different machines. Do you remember whether your
problem occurs when testing failover on one machine?
What I haven't tested yet is token expiration, which might cause the problem
you described above. Will try to test it soon and will be back with results.
Thanks in advance for feedback.
Piotr Klimczak
> Add kerberos [SASL] authentication for TCP connectors
> -----------------------------------------------------
>
> Key: AMQ-4693
> URL: https://issues.apache.org/jira/browse/AMQ-4693
> Project: ActiveMQ
> Issue Type: New Feature
> Components: Broker
> Affects Versions: 5.8.0
> Environment: linux, solaris
> Reporter: Bhanu
> Priority: Minor
> Fix For: Unscheduled
>
>
> Hi,
> Can kerberos based authentication be added to ActiveMQ's TCP connectors.
> Thanks,
> Bhanu
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
