[
https://issues.apache.org/jira/browse/QPID-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705036#action_12705036
]
Garrett Smith commented on QPID-1834:
-------------------------------------
It think /etc/sasl2 is the right place. I opened a thread on the users list and
I'm the only one that has faced this problem. I believe it's specific to the
Debian package.
Looking over postfix docs (they use sasl as well and face the same issue), it
looks like they solve it simply by documenting the location. Presumably the
system package managers deal with setting it up in the correct location.
I think having a --sasl-path option in configure would be straight forward way
to deal with this.
The best solution, IMO, would be to use the "get path callback" in the sasl
library to explicit tell sasl where to find qpidd.conf -- e.g.
PREFIX/etc/qpidd/sasl. qpid has no control over how sasl is setup and the
default behavior for a misconfigured environment is to leave qpid *wide open*
for anonymous use. Explicitly controlling the path would ensure that the
qpidd.conf was used.
Along with this, I believe that "anonymous" mechanism should not be enabled in
qpidd.conf by default.
> Misconfiguration of config path for Debian libsasl2-2 (SASL support)
> --------------------------------------------------------------------
>
> Key: QPID-1834
> URL: https://issues.apache.org/jira/browse/QPID-1834
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: M4
> Environment: Debian "squeeze"
> Reporter: Garrett Smith
>
> The libsasl2-2 package is configured with the option:
> --with-configdir=/etc/sasl:/usr/lib/sasl2
> Background on this decision can be found here:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211156
> cpp/etc/Makefile.in specifies SASL_CONF as /etc/sasl2, which isn't on the
> config path that the Debian package is compiled with. The result is that the
> qpid sasl configuration is never used. This is a pain to debug as the missed
> configuration is silently ignored.
> I'm not sure what the ideal solution is here, but I think this ought to be
> addressed given we're talking about Debian.
> A config option for qpidd would probably be appropriate, or, in keeping with
> the hard coding strategy, create a link from /etc/sasl to /etc/sasl2. Just a
> couple ideas though.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
