diff options
| author | Alan Conway <aconway@apache.org> | 2011-12-06 15:56:40 +0000 |
|---|---|---|
| committer | Alan Conway <aconway@apache.org> | 2011-12-06 15:56:40 +0000 |
| commit | ae0f67263950f41ce6078a9fde79be78d47f4a11 (patch) | |
| tree | c2f1105dc677a6739d3faca8e2bb860e12209329 /qpid/cpp/src/cluster.mk | |
| parent | 03d03c025427c234fedcfae3126f0092afa0e1e7 (diff) | |
| download | qpid-python-ae0f67263950f41ce6078a9fde79be78d47f4a11.tar.gz | |
QPID-3652: Fix cluster authentication.
Only allow brokers that authenticate as the cluster-username to join a cluster.
New broker first connects to a cluster broker authenticates as the cluster-username
and sends its CPG member ID to the qpid.cluster-credentials exchange.
The cluster broker that subsequently acts as updater verifies that the credentials are
valid before connecting to give the update.
NOTE 1: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:
acl allow foo@QPID publish exchange name=qpid.cluster-credentials
NOTE 2: This changes the cluster initialization protocol, you will
need to restart the cluster with all new version brokers.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1210989 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/cluster.mk')
| -rw-r--r-- | qpid/cpp/src/cluster.mk | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/qpid/cpp/src/cluster.mk b/qpid/cpp/src/cluster.mk index 3ce4ce25b3..632522e84f 100644 --- a/qpid/cpp/src/cluster.mk +++ b/qpid/cpp/src/cluster.mk @@ -55,6 +55,8 @@ cluster_la_SOURCES = \ qpid/cluster/ConnectionCodec.h \ qpid/cluster/Cpg.cpp \ qpid/cluster/Cpg.h \ + qpid/cluster/CredentialsExchange.cpp \ + qpid/cluster/CredentialsExchange.h \ qpid/cluster/Dispatchable.h \ qpid/cluster/UpdateClient.cpp \ qpid/cluster/UpdateClient.h \ |