[
https://issues.apache.org/jira/browse/QPID-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14347643#comment-14347643
]
James Flemer commented on QPID-5922:
------------------------------------
Awww... this makes "demo mode" much more work. As a note ... RabbitMQ only
supports PLAIN and AMQPLAIN (https://www.rabbitmq.com/authentication.html).
This "fix" means that RabbitMQ and Qpid interoperability is broken except over
SSL.
Maybe a user who knows what they really want should be able to set some
property or config option to allow insecure authentication.
> [Java Broker] By default restrict the use of PLAIN authentication to secure
> channels
> ------------------------------------------------------------------------------------
>
> Key: QPID-5922
> URL: https://issues.apache.org/jira/browse/QPID-5922
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Fix For: 0.29
>
>
> PLAIN authentication sends passwords in the clear - in general this should
> not be used over communication channels which are not themselves encrypted.
> For any given authentication provider we should allow the user to set the
> subset of SASL mechanisms which should not be offered if the attempt to
> authenticate is not occurring on a secure channel.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
