Michal Toth created ARTEMIS-1386:
------------------------------------
Summary: With enabled kerberos auth, acceptor allows PLAIN auth
sasl users in, even when GSSAPI is the only defined sasl mechanism on transport
Key: ARTEMIS-1386
URL: https://issues.apache.org/jira/browse/ARTEMIS-1386
Project: ActiveMQ Artemis
Issue Type: Bug
Components: AMQP, Broker
Affects Versions: 2.4.0
Environment: Artemis built from sources
last git commit 098d69b63c81d9b2aa2c58c30d921d30472e57f8 (Sept 1)
Reporter: Michal Toth
Enable all AMQP authentication & authorization to be performed by GSSAPI
(kerberos), so user can send and receive messages w/o problems using kerberos
credentials.
Define broker amqp acceptor to accept only GSSAPI auth mechanism.
{noformat}
<acceptor
name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpMinCredits=300;saslMechanisms=GSSAPI;saslLoginConfigScope=mykerberos</acceptor>
{noformat}
Users authentication over PLAIN sasl mechanism should not be allowed it. Only
Kerberized ones. This is not working actually.
I am able to send/receive a message using plain over AMQP, with such defined
saslMechanisms as above.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
