[
https://issues.apache.org/jira/browse/QPID-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14347696#comment-14347696
]
Rob Godfrey edited comment on QPID-5922 at 3/4/15 10:31 PM:
------------------------------------------------------------
And they can :-)
If you edit the config JSON file, you'll see a section on the authentication
providers, something like this:
{code}
"authenticationproviders" : [ {
  "id" : "e5d6f234-d212-4fc9-9728-815a547eee86",
  "name" : "passwordFile",
  "type" : "PlainPasswordFile",
  "path" : "${qpid.home_dir}${file.separator}etc${file.separator}passwd",
{code}
You can add an entry in there to allow any authentication mechanism by setting
"secureOnlyMechanisms" to the empty list (by default, any mechanism which
would reveal potentially confidential information, such as PLAIN and AMQPLAIN,
is in the list), so:
{code}
"authenticationproviders" : [ {
  "id" : "e5d6f234-d212-4fc9-9728-815a547eee86",
  "name" : "passwordFile",
  "type" : "PlainPasswordFile",
  "secureOnlyMechanisms" : [ ],
  "path" : "${qpid.home_dir}${file.separator}etc${file.separator}passwd",
{code}
should work.
was (Author: rgodfrey):
And they can :-)
If you edit the config JSON file, you'll see a section on the authentication
providers, something like this:
{code}
"authenticationproviders" : [ {
  "id" : "e5d6f234-d212-4fc9-9728-815a547eee86",
  "name" : "passwordFile",
  "type" : "PlainPasswordFile",
  "path" : "${qpid.home_dir}${file.separator}etc${file.separator}passwd",
{code}
You can add an entry in there to allow any authentication mechanism by setting
"secureOnlyMechanisms" to the empty list (by default, any mechanism which
would reveal potentially confidential information, such as PLAIN and AMQPLAIN,
is in the list), so:
{code}
"authenticationproviders" : [ {
  "id" : "e5d6f234-d212-4fc9-9728-815a547eee86",
  "name" : "passwordFile",
  "type" : "PlainPasswordFile",
  "secureOnlyMechanims" : [ ],
  "path" : "${qpid.home_dir}${file.separator}etc${file.separator}passwd",
{code}
should work.
> [Java Broker] By default restrict the use of PLAIN authentication to secure
> channels
> ------------------------------------------------------------------------------------
>
> Key: QPID-5922
> URL: https://issues.apache.org/jira/browse/QPID-5922
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Fix For: 0.29
>
>
> PLAIN authentication sends passwords in the clear - in general this should
> not be used over communication channels which are not themselves encrypted.
> For any given authentication provider we should allow the user to set the
> subset of SASL mechanisms which should not be offered if the attempt to
> authenticate is not occurring on a secure channel.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
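
An added example, not part of the original comment or of the Qpid code base: a small Python audit over a broker config that reports authentication providers whose "secureOnlyMechanisms" list lets PLAIN or AMQPLAIN be offered on non-secure channels, and flags near-miss spellings of that key. The sample config and the CRAM-MD5 mechanism in the usage are constructed, the config uses only attribute names shown in the comment above, and the function names and finding labels are hypothetical.

```python
import difflib
import json

KEY = "secureOnlyMechanisms"
# Mechanisms the comment names as revealing confidential information.
CLEARTEXT = {"PLAIN", "AMQPLAIN"}

# Constructed sample; it uses only attribute names that appear in the comment.
SAMPLE_CONFIG = """
{ "authenticationproviders" : [
  { "name" : "passwordFile", "type" : "PlainPasswordFile",
    "secureOnlyMechanisms" : [ ] },
  { "name" : "defaults", "type" : "PlainPasswordFile" },
  { "name" : "typo", "type" : "PlainPasswordFile",
    "secureOnlyMechanims" : [ ] }
] }
"""


def offered(mechanisms, secure_only, channel_is_secure):
    """Mechanisms left to offer, following the rule in the issue description."""
    if channel_is_secure:
        return list(mechanisms)
    return [m for m in mechanisms if m not in secure_only]


def audit(config_text):
    """Return (provider name, finding, detail) tuples for risky providers."""
    findings = []
    config = json.loads(config_text)
    for provider in config.get("authenticationproviders", []):
        name = provider.get("name", "<unnamed>")
        # A near-miss spelling means the intended setting is not the one set.
        for attr in provider:
            if attr != KEY and difflib.get_close_matches(attr, [KEY], cutoff=0.8):
                findings.append((name, "misspelled-key", attr))
        # An absent key keeps the default list, so only explicit lists are checked.
        if KEY in provider:
            exposed = sorted(CLEARTEXT - set(provider[KEY]))
            if exposed:
                findings.append((name, "cleartext-on-insecure-channel", ",".join(exposed)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against a real config file by passing its text to `audit()`; `offered()` shows which mechanisms remain for a given channel once the list is applied.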