[
https://issues.apache.org/jira/browse/DISPATCH-906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16323057#comment-16323057
]
ASF GitHub Bot commented on DISPATCH-906:
-----------------------------------------
Github user jdanekrh commented on a diff in the pull request:
https://github.com/apache/qpid-dispatch/pull/241#discussion_r161090032
--- Diff: doc/new-book/configuration-security.adoc ---
@@ -373,22 +373,26 @@ This is the service principal that {RouterName} uses.
.Procedure
. On the router's host machine, open the `/etc/sasl2/qdrouterd.conf`
configuration file.
-
-. Verify that the `mech_list` attribute contains the `GSSAPI` mechanism.
+
--
-.The `/etc/sasl2/qdrouterd.conf` Configuration File
+.An `/etc/sasl2/qdrouterd.conf` Configuration File
====
[options="nowrap"]
----
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: qdrouterd.sasldb
+keytab: /tmp/keytabs/server.keytab
--- End diff --
Probably not `/tmp/`, though. That would be silly thing to do in actual
deployment for the fact that RHELs auto-delete old files under `/tmp`. There
are AFAIK supposed to be permissions related security issues around using /tmp,
but I am now unable to find more on this.
> Document Kerberos integration
> -----------------------------
>
> Key: DISPATCH-906
> URL: https://issues.apache.org/jira/browse/DISPATCH-906
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Documentation
> Reporter: Ben Hardesty
> Assignee: Ben Hardesty
>
> Document requirements and for accepting Kerberos authenticated connections.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
