Hello,
I want to use SASL authentication mechanism using a client certificate. I
looked at the examples and tests but I didn't quite get everything.
I know I have to setup a listener with "sasl-mechanisms: EXTERNAL" and
"require-peer-auth: yes" but then how do I tell the dispatcher which
certificates are accepted and which aren't?
Of course I want to use a certificate for SSL encryption (provided in the
ssl-profile) and a different one for SASL authentication but on the same
listener.
ssl-profile {
name: ssl-profile-name
certFile: cert_ssl_encryption.pem
keyFile: key_ssl_encryption.pem
}
listener {
host: 0.0.0.0
port: 10399
sasl-mechanisms: EXTERNAL
ssl-profile: ssl-profile-name
authenticatePeer: yes
requireSsl: yes
}
In the above configuration, where should I add the "cert_sasl.pem"?
Regards,
Adel
