I can't quite remember. I've just now checked all the full-fledged servers I use regularly (qpidd, qdrouterd, artemis), and they all restrict to an explicit list of mechs that excludes GSSAPI, as you suggest.
It's probably something I've recently run into only with test servers and peer-to-peer client examples. Cyrus SASL makes it somewhat painful to configure them, so they usually don't have the explicit list. Anyway, I agree that mitigates the problem considerably. I know Andrew happened to have this problem recently, which is why he raised the PR and the topic. On Fri, Jun 15, 2018 at 12:46 PM Gordon Sim <g...@redhat.com> wrote: > On 15/06/18 20:40, Justin Ross wrote: > > On Fri, Jun 15, 2018 at 12:25 PM Robbie Gemmell < > robbie.gemm...@gmail.com> > > wrote: > > > >> I think its reasonable that clients dont attempt to do GSSAPI by > >> default unless it has been enabled in some way, since it requires > >> specific external configuration. > >> > > > > This is the case that interests me. I've been tripped up by this more > than > > once. > > Against which server? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org > For additional commands, e-mail: users-h...@qpid.apache.org > >
