[
https://issues.apache.org/jira/browse/AMQ-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096891#comment-16096891
]
Piotr Klimczak edited comment on AMQ-4693 at 7/21/17 9:20 PM:
--------------------------------------------------------------
[~gtully]
As RFC2712 (in fact JSSE) is now past, the only options we have as I understand
is GSS API.
Question now- plain GSS or via SASL?
Also, while JSSE came at almost no extra cost as it was over SSL, GSS/SASL are
bit more difficult to implement (but definitely doable) as it requires sending
tokens over stream pipe, instead of just stream.
Surprisingly NIOSSLTransport doesn't seem to be far away from what GSS needs,
as it also does (un)wrapping, handshaking etc but over SSL.
So implementing GSS might not be that tricky as I initially thought, but I
might be missing sth as I haven't been doing anything for ActiveMQ for last 2.5
years- bad :( I know.
WDYT? Does it make sense?
Personally I would love to implement it. Just not sure if my RL work will allow
me as I am spending a lot of time in overtime in last months.
Might give it a go during the weekend.
Cheers.
was (Author: nannou9):
[~gtully]
As RFC2712 (in JSSE) is now past, the only options we have as I understand is
GSS API.
Question now- plain GSS or via SASL?
Also, while JSSE came at almost no extra cost as it was over SSL, GSS/SASL are
bit more difficult to implement (but definitely doable) as it requires sending
tokens over stream pipe, instead of just stream.
Surprisingly NIOSSLTransport doesn't seem to be far away from what GSS needs,
as it also does (un)wrapping, handshaking etc but over SSL.
So implementing GSS might not be that tricky as I initially thought, but I
might be missing sth as I haven't been doing anything for ActiveMQ for last 2.5
years- bad :( I know.
WDYT? Does it make sense?
Personally I would love to implement it. Just not sure if my RL work will allow
me as I am spending a lot of time in overtime in last months.
Might give it a go during the weekend.
Cheers.
> Add kerberos [SASL] authentication for TCP connectors
> -----------------------------------------------------
>
> Key: AMQ-4693
> URL: https://issues.apache.org/jira/browse/AMQ-4693
> Project: ActiveMQ
> Issue Type: New Feature
> Components: Broker
> Affects Versions: 5.8.0
> Environment: linux, solaris
> Reporter: Bhanu
> Priority: Minor
> Fix For: Unscheduled
>
>
> Hi,
> Can kerberos based authentication be added to ActiveMQ's TCP connectors.
> Thanks,
> Bhanu
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
