[
https://issues.apache.org/jira/browse/ARTEMIS-3106?focusedWorklogId=571867&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-571867
]
ASF GitHub Bot logged work on ARTEMIS-3106:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 25/Mar/21 13:01
Start Date: 25/Mar/21 13:01
Worklog Time Spent: 10m
Work Description: gemmellr commented on pull request #3470:
URL: https://github.com/apache/activemq-artemis/pull/3470#issuecomment-806701276
> But what's the value in removing it? It does not simplify the code, it is
> not enabled by default (so people can choose if they want to enable it or not)
> and it does not remove complexity as it is just another set of algorithms. On
> the other hand, adding it "later" or let people "just plug in their own support
> for it" seems way much more effort on the long run. For example the client-side
> is currently not pluggable.

I wouldn't recommend anyone embark on SCRAM-SHA-1 usage at this point, and
folks have managed without it in Artemis for all this time. As such it simply
seems sensible to at least consider omitting it and simplifying things rather
than adding it at this stage in its life. The 'it can be added later' was
merely a note that it's possible, I wouldn't really expect it to be if omitted.
However trivial, not adding such things just means less code to maintain, fewer
options to document (not that any of this is documented yet), and avoids the
need to consider/discuss dropping them at some point.

The client side isn't pluggable currently, that's true, but could be made so
(not saying now, but some point). That would seem a better addition at some
point rather than SCRAM-SHA-1 support. As you pointed out yourself when arguing
against need for the client bits, brokers can offer other mechanisms, so the
lack of an old mech there doesn't seem like it would be a significant problem
when it supports the newer ones.
Issue Time Tracking
-------------------
Worklog Id: (was: 571867)
Time Spent: 15h 50m (was: 15h 40m)
> Support for SASL-SCRAM
> ----------------------
>
> Key: ARTEMIS-3106
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3106
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: AMQP
> Reporter: Christoph Läubrich
> Priority: Major
> Time Spent: 15h 50m
> Remaining Estimate: 0h
>
> With the enhancements in ARTEMIS-33 / [PR
> 3432|https://github.com/apache/activemq-artemis/pull/3432] it would be now
> possible to plug in a new SASL mechanism.
> One popular one is
> [SASL-SCRAM|https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism]
> because it allows channel binding together with secure storage of
> user credentials.
> I have created an [implementation of this for Artemis
> AMQP|https://github.com/laeubi/scram-sasl/tree/artemis/artemis] based on the
> [SCRAM SASL authentication for Java|https://github.com/ogrebgr/scram-sasl]
> code with some enhancements/cleanups to the original.
> As the source is already Apache licensed I'd like to propose to include this
> in the Artemis code-base. This would greatly enhance the interoperability
> with other implementations e.g. Apache QPID.