Undo bad merge from trunk - merged at wrong level.

git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/QPID-2519@1187150 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 26 insertions, 4 deletions

diff --git a/cpp/etc/Makefile.am b/cpp/etc/Makefile.am
index 1e4db561a7..c91dbcbbad 100644
--- a/cpp/etc/Makefile.am
+++ b/cpp/etc/Makefile.am
@@ -30,7 +30,30 @@ nobase_sysconf_DATA = \
 	qpidd.conf
 
 if HAVE_SASL
+SASL_DB = qpidd.sasldb
+
 nobase_sysconf_DATA += \
 	$(SASL_CONF)
 
+sasldbdir = $(localstatedir)/lib/qpidd
+sasldb_DATA = $(SASL_DB)
+
+# Setup the default sasldb file with a single user, guest, with an
+# obvious password. This user and password are the default for many
+# clients.
+#
+# The realm specified by -u is very important, and QPID is the default
+# for the broker so we use it here. The realm is important because it
+# defaults to the local hostname of the machine running the
+# broker. This may not seem to bad at first glance, but it means that
+# the sasldb has to be tailored to each machine that would be running
+# a broker, and if the machine ever changed its name the
+# authentication would stop working until the sasldb was updated. For
+# these reasons we always want the broker to specify a realm where its
+# users live, and we want the users to exist in that realm as well.
+$(SASL_DB):
+	echo guest | $(SASL_PASSWD) -c -p -f $(SASL_DB) -u QPID guest
+
+CLEANFILES=$(SASL_DB)
+
 endif
diff --git a/cpp/etc/qpidd.conf b/cpp/etc/qpidd.conf
index bfe4e38bbd..8082660f6f 100644
--- a/cpp/etc/qpidd.conf
+++ b/cpp/etc/qpidd.conf
@@ -21,4 +21,4 @@
 #
 # (Note: no spaces on either side of '='). Using default settings:
 # "qpidd --help" or "man qpidd" for more details.
-cluster-mechanism=DIGEST-MD5 ANONYMOUS
+cluster-mechanism=ANONYMOUS
diff --git a/cpp/etc/sasl2/qpidd.conf b/cpp/etc/sasl2/qpidd.conf
index d766cb8ef8..3197d7792a 100644
--- a/cpp/etc/sasl2/qpidd.conf
+++ b/cpp/etc/sasl2/qpidd.conf
@@ -17,8 +17,8 @@
 # under the License.
 #
 #
-# This configuation allows for either SASL ANONYMOUS or DIGEST-MD5
-# authentication. The DIGEST-MD5 authentication is done on a
+# This configuation allows for either SASL PLAIN or ANONYMOUS
+# authentication. The PLAIN authentication is done on a
 # username+password, which is stored in the sasldb_path
 # file. Usernames and passwords can be added to the file using the
 # command:
@@ -39,7 +39,6 @@
 pwcheck_method: auxprop
 auxprop_plugin: sasldb
 sasldb_path: /var/lib/qpidd/qpidd.sasldb
-mech_list: DIGEST-MD5 ANONYMOUS
 
 #following line stops spurious 'sql_select option missing' errors when
 #cyrus-sql-sasl plugin is installed