[jira] Commented: (QPID-1899) --require-encryption doesn't work unless cyrus sasl authentication is turned on

Tue, 24 Nov 2009 15:46:04 -0800 

    [ 
https://issues.apache.org/jira/browse/QPID-1899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782245#action_12782245
 ] 

Steve Huston commented on QPID-1899:
------------------------------------

Is this correct?

Index: Sasl.h
===================================================================
--- Sasl.h      (revision 883558)
+++ Sasl.h      (working copy)
@@ -37,11 +37,27 @@
 struct ConnectionSettings;
 
 /**
- * Interface to SASL support
+ * Interface to SASL support. This class is implemented by platform-specific
+ * SASL providers.
  */
 class Sasl
 {
   public:
+    /**
+     * Start SASL negotiation with the broker.
+     *
+     * @param mechanisms Comma-separated list of the SASL mechanism the
+     *             client supports.
+     * @param ssf  Security Strength Factor (SSF). SSF is used to negotiate
+     *             a SASL security layer on top of the connection should both
+     *             parties require and support it. The value indicates the
+     *             required level of security for communication. Possible
+     *             values are:
+     *             @li 0  No security
+     *             @li 1  Integrity checking only
+     *             @li >1 Integrity and confidentiality with the number
+     *                    giving the encryption key length.
+     */
     virtual std::string start(const std::string& mechanisms, unsigned int ssf) 
= 0;
     virtual std::string step(const std::string& challenge) = 0;
     virtual std::string getMechanism() = 0;


> --require-encryption doesn't work unless cyrus sasl authentication is turned 
> on
> -------------------------------------------------------------------------------
>
>                 Key: QPID-1899
>                 URL: https://issues.apache.org/jira/browse/QPID-1899
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5
>            Reporter: Gordon Sim
>            Assignee: Steve Huston
>             Fix For: 0.6
>
>         Attachments: qpid-1899-10_26.patch, qpid-1899-10_30.patch, 
> qpid-1899-9-17.patch, qpid-1899-hacky.patch, qpid-1899.patch, qpid-1899.patch
>
>
> If you specify --require-encryption and --auth no then the broker will allow 
> un-encrypted conections. (If on the other hand you have authentication on, it 
> will prevent you connecting with anything other than a mech that supports 
> encryption and will require an encrypting sasl security layer - or of course 
> an ssl connection)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]

Reply via email to