On Wed, 2016-06-22 at 16:47 +0200, Adel Boutros wrote:
> Hello,
>
> I want to use SASL authentication mechanism using a client
> certificate. I looked at the examples and tests but I didn't quite
> get everything.
> I know I have to set up a listener with "sasl-mechanisms: EXTERNAL"
> and "require-peer-auth: yes" but then how do I tell the dispatcher
> which certificates are accepted and which aren't?
> Of course I want to use a certificate for SSL encryption (provided in
> the ssl-profile) and a different one for SASL authentication but on
> the same listener.
>
> ssl-profile {
>     name: ssl-profile-name
>     certFile: cert_ssl_encryption.pem
>     keyFile: key_ssl_encryption.pem
> }
>
> listener {
>     host: 0.0.0.0
>     port: 10399
>     sasl-mechanisms: EXTERNAL
>     ssl-profile: ssl-profile-name
>     authenticatePeer: yes
>     requireSsl: yes
> }
>
> In the above configuration, where should I add the "cert_sasl.pem"?

Minor nit - capitalized names are preferred now in config files:
saslProfile, saslMechanisms etc. Support for hyphenated names will go
away at some point.

Cheers,
Alan.