[jira] [Commented] (PROTON-1354) Disable problematic SASL mechanisms if they are not explicitly enabled

Fri, 29 Jun 2018 14:22:15 -0700 


    [ 
https://issues.apache.org/jira/browse/PROTON-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16528272#comment-16528272
 ] 

Andrew Stitcher commented on PROTON-1354:
-----------------------------------------

This change has introduced a behaviour change in selecting SASL mechanisms. For 
most users this will either not be noticeable or be an easier experience - this 
is because GSSAPI based mechanisms will not be selected "by accident" and 
result in an obscure to understand problem.

However if you want to use a GSSAPI based SASL mechanism then you will need to 
explicitly enable (at least) the GSSAPI and/or the GSS-SPNEGO mechanisms.

To do this you can add a line like the following to your code - on a client 
this code needs to be added before the outgoing connection is attempted, and on 
a server before the listening connection is set up.

In C like this:
{noformat}
/* t is the pn_transport_t* of the connection you are setting up */
pn_sasl_allowed_mechs(pn_sasl(t), "GSSAPI GSS-SPNEGO");{noformat}
If you want to allow other mechanisms then add them to end of the {{"GSSAPI 
GSS-SPNEGO"}} string, as above only those mechanisms will be allowed.

In C++ like this:
{noformat}
// c is a proton::container
// url is a std::string with the connection url.
proton::connection_options co;
...
co.sasl_allowed_mechs("GSSAPI GSS-SPNEGO");
...
proton::connection connection = c.connect(url, co);{noformat}
Similarly here if you want other mechanisms add them to the end of the 
mechanism list.

In Python like this:
{noformat}
# t is the transport of the connection you are setting up
t.sasl().allowed_mechs("GSSAPI GSS-SPNEGO"){noformat}
Again change the string to add any other mechanisms you require.

> Disable problematic SASL mechanisms if they are not explicitly enabled
> ----------------------------------------------------------------------
>
>                 Key: PROTON-1354
>                 URL: https://issues.apache.org/jira/browse/PROTON-1354
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Justin Ross
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: release-notes, sasl, usability
>             Fix For: proton-c-0.24.0
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to