author: Alan Conway <aconway@apache.org> 2014-04-23 13:22:13 +0000
committer: Alan Conway <aconway@apache.org> 2014-04-23 13:22:13 +0000
commit: ce128d92c5a7a87c3df9b1be3e4fe7af9765b42b
tree: 7f7f4c784659e71662e028d7ef134fc60cc4ad2f
parent: 35de9683349c40207ea136b6ff38808722a14cda
QPID-5711: HA doc clarifications on security.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1589403 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- qpid/doc/book/src/cpp-broker/Active-Passive-Cluster.xml 16
1 files changed, 10 insertions, 6 deletions
diff --git a/qpid/doc/book/src/cpp-broker/Active-Passive-Cluster.xml b/qpid/doc/book/src/cpp-broker/Active-Passive-Cluster.xml
index 6cb1b768ab..4a4b8d9a5c 100644
--- a/qpid/doc/book/src/cpp-broker/Active-Passive-Cluster.xml
+++ b/qpid/doc/book/src/cpp-broker/Active-Passive-Cluster.xml
@@ -782,9 +782,12 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl
<section id="ha-security">
<title>Security and Access Control.</title>
<para>
- You can secure your cluster using the authentication and authorization
- features described in <xref linkend="chap-Messaging_User_Guide-Security"/>.
- HA brokers use the credentials set by the following options:
+ This section outlines the HA specific aspects of security configuration.
+ Please see <xref linkend="chap-Messaging_User_Guide-Security"/> for
+ more details on enabling authentication and setting up Access Control Lists.
+ </para>
+ <para>
+ When authentication is enabled, HA brokers use the credentials set by the following options:
</para>
<table frame="all" id="ha-security-options">
<title>HA Security Options</title>
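Review bot: the new paragraph "When authentication is enabled, HA brokers use the credentials set by the following options:" leaves the other case unstated, so a reader cannot tell what the options do when authentication is off. Suggest adding one sentence that covers that case. Minor style point in the first added line: "HA specific" should be hyphenated as "HA-specific".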
@@ -801,7 +804,7 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl
<tbody>
<row>
<entry><para><literal>ha-username</literal> <replaceable>USER</replaceable></para></entry>
- <entry><para>User name for HA brokers.</para></entry>
+ <entry><para>User name for HA brokers. Note this must <emphasis>not</emphasis> include the <literal>@QPID</literal> suffix.</para></entry>
</row>
<row>
<entry><para><literal>ha-password</literal> <replaceable>PASS</replaceable></para></entry>
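Review bot: the added note in the ha-username entry says the value must not include the @QPID suffix but gives no reason, and the ACL rule later in this section is written as USER@QPID, which will look contradictory to someone configuring both. Suggest stating here that the suffix belongs in the ACL rule and not in the option value, or pointing to the ACL paragraph, so the two are not set inconsistently.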
@@ -820,8 +823,9 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl
primary state, for example creating queues and exchanges.
</para>
<para>
- When using an Access Control List the following ACL rule is required
- when <literal>ha-username</literal>=<replaceable>USER</replaceable>
+ When authorization is enabled you must have an Access Control List with the
+ following rule to allow HA replication to function. Suppose
+ <literal>ha-username</literal>=<replaceable>USER</replaceable>
</para>
<programlisting>
acl allow <replaceable>USER</replaceable>@QPID all all
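Review bot: the rule in the programlisting, acl allow USER@QPID all all, grants the HA user every action on every object, and the reworded paragraph does not point that out. Suggest a sentence saying that this account is fully privileged under the ACL, so the ha-username and ha-password credentials need to be protected accordingly. Also, the added sentence "Suppose ha-username=USER" ends without punctuation and does not lead into the listing; something like "If ha-username=USER, the rule is:" would read better.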