I wasn't suggesting it needs to be in the UI, although I wouldnt have a problem if it were given that it would be burried away deep in the options (like the one to enable basicAuth of HTTP was).
I dont think adding a snippet about editing the JSON in the depths of the broker docbook is making it particularly easy to do, but it would at least convey that the broker changes the mechanisms offered depending on whether SSL is in use, and make it easier to answer the question for the folks that didnt read the docs. As you say, it would be aided by Proton supporting more SASL mechanisms, and the change you made will help for things defaulting to no-SASL. Robbie On 12 June 2015 at 09:36, Rob Godfrey <[email protected]> wrote: > I'm minded to agree - certainly I don't think we want to make it easy > (via the UI for example) to enable this inherently insecure > configuration. The problem at the moment is that proton seems to have > very limitted abilities with respect to SASL, and clients seem to > either use PLAIN, or omit the SASL layer altogether. > > Last night I made a change tot he Java Broker to allow connections > with the SASL layer omitted where the port has been configured for > anonymous access which should help interop here for people who are > just testing things out. > > -- Rob > > On 12 June 2015 at 10:25, Lorenz Quack <[email protected]> wrote: >> I'm not sure this should be in the docs. I would not encourage people to >> send password in the clear over a network. >> >> Lorenz >> >> >> >> On 11/06/15 17:37, Robbie Gemmell wrote: >>> >>> Can this be added to the documentation to make it easier to point >>> people at, and make it better known? Assuming it isnt already that is, >>> I had a peek for the 0.32 docs but didnt see it. >>> >>> Robbie >>> >>> On 11 June 2015 at 16:20, Lorenz Quack <[email protected]> wrote: >>>> >>>> Hi Mansour, >>>> >>>> if you want to connect with SASL PLAIN on a unsecured connection (which >>>> is >>>> obviously not recommended). you need to tell the to allow this. >>>> You can do this by setting >>>> "secureOnlyMechanisms" : [ ] >>>> in the plain authenticationProvider section in your config.json file. >>>> >>>> It should then look something like this: >>>> >>>> "authenticationproviders" : [ { >>>> "name" : "passwordFile", >>>> "type" : "PlainPasswordFile", >>>> "path" : >>>> "${qpid.home_dir}${file.separator}etc${file.separator}passwd", >>>> "secureOnlyMechanisms" : [ ], >>>> "preferencesproviders" : [{ >>>> "name": "fileSystemPreferences", >>>> "type": "FileSystemPreferences", >>>> "path" : >>>> "${qpid.work_dir}${file.separator}user.preferences.json" >>>> }] >>>> } ], >>>> >>>> >>>> Kind Regards, >>>> Lorenz >>>> >>>> >>>> >>>> >>>> On 11/06/15 16:09, Mansour Al Akeel wrote: >>>>> >>>>> I restarted the server, but still no juice ! >>>>> is there a way I can tell proton to use AMPQ 0-9 or 0-10 ? >>>>> >>>>> I think reverting back to a previous version should solve my problems >>>>> for >>>>> now ! >>>>> >>>>> >>>>> >>>>> On Thu, Jun 11, 2015 at 6:52 PM, Gordon Sim <[email protected]> wrote: >>>>>> >>>>>> On 06/11/2015 03:28 PM, Mansour Al Akeel wrote: >>>>>>> >>>>>>> Gordon, >>>>>>> thank you. >>>>>>> I added Both Anonymous and PLAIN. Here's the steps to add them from >>>>>>> the httpManagement console: >>>>>>> -Double click "Broker" folder. Go to "Authentication Providers", and >>>>>>> click >>>>>>> add. >>>>>>> -Fill the current information: >>>>>>> Name: anonymous >>>>>>> Type: Anonymous >>>>>>> >>>>>>> -Then did it again for Plain: >>>>>>> Name: PLAIN >>>>>>> Type: Plain >>>>>>> and added a user guest:guest >>>>>>> >>>>>>> >>>>>>> Now, went to "Broker >> Ports >> AMQP", Then " >> Edit" I changed the >>>>>>> "Authorization Provider", once for PLAIN and for Anonymous. >>>>>>> >>>>>>> With PLAIN and client side credentials "guest:guest", I am getting on >>>>>>> the broker: >>>>>>> >>>>>>> >>>>>>> 2015-06-11 18:22:35,527 INFO [IoReceiver - /127.0.0.1:33637] >>>>>>> (stats.StatisticsCounter) - Resetting statistics for counter: >>>>>>> messages-delivered-1-13 >>>>>>> 2015-06-11 18:22:35,527 INFO [IoReceiver - /127.0.0.1:33637] >>>>>>> (stats.StatisticsCounter) - Resetting statistics for counter: >>>>>>> data-delivered-1-14 >>>>>>> 2015-06-11 18:22:35,527 INFO [IoReceiver - /127.0.0.1:33637] >>>>>>> (stats.StatisticsCounter) - Resetting statistics for counter: >>>>>>> messages-received-1-15 >>>>>>> 2015-06-11 18:22:35,527 INFO [IoReceiver - /127.0.0.1:33637] >>>>>>> (stats.StatisticsCounter) - Resetting statistics for counter: >>>>>>> data-received-1-16 >>>>>>> 2015-06-11 18:22:35,527 DEBUG [IoReceiver - /127.0.0.1:33637] (FRM) - >>>>>>> SEND[/127.0.0.1:33637|0] : >>>>>>> SaslMechanisms{saslServerMechanisms=[CRAM-MD5]} >>>>>> >>>>>> >>>>>> That looks like CRAM-MD5 is still the only option offered... did you >>>>>> try >>>>>> restarting the broker (I'm not sure if this is required)? >>>>>> >>>>>> [...] >>>>>>> >>>>>>> While we are on this subject, I went back and tried to reinstall >>>>>>> python-qpid-proton, getting an error when installing it. The installer >>>>>>> reports a success. However, there are some errors installing >>>>>>> python-qpid-proton: >>>>>>> >>>>>>> =============================================== >>>>>>> localhost qpid-broker # pip install python-qpid-proton >>>>>>> Downloading/unpacking python-qpid-proton >>>>>>> Downloading python-qpid-proton-0.9.1.zip (90kB): 90kB downloaded >>>>>>> Running setup.py >>>>>>> (path:/tmp/pip_build_root/python-qpid-proton/setup.py) egg_info for >>>>>>> package python-qpid-proton >>>>>>> >>>>>>> Installing collected packages: python-qpid-proton >>>>>>> Running setup.py install for python-qpid-proton >>>>>>> Did not find libqpid-proton via pkg-config: >>>>>>> >>>>>>> Using bundled libqpid-proton >>>>>>> fetching >>>>>>> http://www.apache.org/dist/qpid/proton/0.9.1/qpid-proton-0.9.1.tar.gz >>>>>>> into build/bundled >>>>>>> Using openssl (found via pkg-config). >>>>>>> cc -c /tmp/clock_getttimeuwm6XO.c -o >>>>>>> build/temp.linux-x86_64-2.7/tmp/clock_getttimeuwm6XO.o >>>>>>> cc build/temp.linux-x86_64-2.7/tmp/clock_getttimeuwm6XO.o -o >>>>>>> build/temp.linux-x86_64-2.7/a.out >>>>>>> build/temp.linux-x86_64-2.7/tmp/clock_getttimeuwm6XO.o: In >>>>>>> function >>>>>>> `main': >>>>>>> clock_getttimeuwm6XO.c:(.text+0x15): undefined reference to >>>>>>> `clock_getttime' >>>>>> >>>>>> >>>>>> That looks like it might just be a test for determining what is >>>>>> available. >>>>>> If the install proceeded without error after that, I would not worry >>>>>> about >>>>>> it. >>>>>> >>>>>>> collect2: error: ld returned 1 exit status >>>>>>> building 'libqpid-proton' extension >>>>>>> x86_64-pc-linux-gnu-gcc -pthread -fPIC -Ibuild/include >>>>>>> >>>>>>> >>>>>>> >>>>>>> -I/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src >>>>>>> >>>>>>> >>>>>>> >>>>>>> -I/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/include >>>>>>> -I/usr/include/python2.7 -c /tmp/pip_build >>>>>>> >>>>>>> >>>>>>> >>>>>>> _root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src/object/record.c >>>>>>> -o >>>>>>> >>>>>>> >>>>>>> build/temp.linux-x86_64-2.7/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src/object/record.o >>>>>>> -std=gnu99 -Dqpid_proton_EXPORTS -DUSE_ATOLL -DUSE_CLOCK_GETT >>>>>>> IME -DUSE_STRERROR_R -DUSE_UUID_GENERATE >>>>>>> x86_64-pc-linux-gnu-gcc -pthread -fPIC -Ibuild/include >>>>>>> >>>>>>> >>>>>>> >>>>>>> -I/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src >>>>>>> >>>>>>> >>>>>>> >>>>>>> -I/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/include >>>>>>> -I/usr/include/python2.7 -c /tmp/pip_build >>>>>>> >>>>>>> >>>>>>> >>>>>>> _root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src/object/string.c >>>>>>> -o >>>>>>> >>>>>>> >>>>>>> build/temp.linux-x86_64-2.7/tmp/pip_build_root/python-qpid-proton/build/bundled/qpid-proton/proton-c/src/object/string.o >>>>>>> -std=gnu99 -Dqpid_proton_EXPORTS -DUSE_ATOLL -DUSE_CLOCK_GETT >>>>>>> IME -DUSE_STRERROR_R -DUSE_UUID_GENERATE >>>>>>> ...... >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> For additional commands, e-mail: [email protected] >>>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: [email protected] >>>>>> For additional commands, e-mail: [email protected] >>>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [email protected] >>>>> For additional commands, e-mail: [email protected] >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
