Author: kwall
Date: Thu Aug  6 08:23:43 2015
New Revision: 1694421

URL: http://svn.apache.org/r1694421
Log:
QPID-6606: [Java Broker Docs] Document the AuthenticationProviders' behaviour 
regarding authentication mechanisms

Work by Lorenz Quack <quack.lor...@gmail.com>

Modified:
    
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml

Modified: 
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
URL: 
http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml?rev=1694421&r1=1694420&r2=1694421&view=diff
==============================================================================
--- 
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
 (original)
+++ 
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
 Thu Aug  6 08:23:43 2015
@@ -38,6 +38,23 @@
     </para>
   </important>
 
+  <note>
+    <para>
+      Authentication Providers may choose to selectively disable certain 
authentication mechanisms
+      depending on whether an encrypted transport is being used or not. This 
is to avoid insecure
+      configurations. Notably, by default the PLAIN mechanism will be disabled 
on non-SSL
+      connections. This security feature can be overwritten by setting
+      <programlisting>secureOnlyMechanisms = []</programlisting> in the 
authentication provider
+      section of the config.json.
+      <warning>
+        <para>
+          Changing the secureOnlyMechanism is a breach of security and might 
cause passwords to be
+          transfered in the clear. Use at your own risk!
+        </para>
+      </warning>
+    </para>
+  </note>
+
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-LDAP.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-Kerberos.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-External.xml"/>
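Review bot: The warning names the attribute "secureOnlyMechanism", while the programlisting a few lines above spells it "secureOnlyMechanisms"; a reader copying the name from the warning into config.json would get a key that does not match the documented one, so use the plural form in both places. The warning's wording is also broader than the risk: "Changing the secureOnlyMechanism is a breach of security" covers any change, but the case described in the note is removing PLAIN from the list (here by setting it to an empty list), which lets PLAIN be offered on non-SSL connections. Suggest wording such as "Removing a mechanism from secureOnlyMechanisms allows it on unencrypted connections and may cause passwords to be transferred in the clear." Smaller points in the same hunk: "overwritten" should read "overridden", "transfered" should read "transferred", and the mid-sentence programlisting will render as a separate block that splits "by setting ... in the authentication provider section", so an inline literal would read better. The note would also be more useful if it stated that the attribute is set per authentication provider and mentioned the recommended alternative of enabling SSL on the port rather than emptying the list.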


