diff options
Diffstat (limited to 'cpp/etc')
| -rw-r--r-- | cpp/etc/Makefile.am | 23 | ||||
| -rw-r--r-- | cpp/etc/qpidd.conf | 2 | ||||
| -rw-r--r-- | cpp/etc/sasl2/qpidd.conf | 5 |
3 files changed, 26 insertions, 4 deletions
diff --git a/cpp/etc/Makefile.am b/cpp/etc/Makefile.am index 1e4db561a7..c91dbcbbad 100644 --- a/cpp/etc/Makefile.am +++ b/cpp/etc/Makefile.am @@ -30,7 +30,30 @@ nobase_sysconf_DATA = \ qpidd.conf if HAVE_SASL +SASL_DB = qpidd.sasldb + nobase_sysconf_DATA += \ $(SASL_CONF) +sasldbdir = $(localstatedir)/lib/qpidd +sasldb_DATA = $(SASL_DB) + +# Setup the default sasldb file with a single user, guest, with an +# obvious password. This user and password are the default for many +# clients. +# +# The realm specified by -u is very important, and QPID is the default +# for the broker so we use it here. The realm is important because it +# defaults to the local hostname of the machine running the +# broker. This may not seem to bad at first glance, but it means that +# the sasldb has to be tailored to each machine that would be running +# a broker, and if the machine ever changed its name the +# authentication would stop working until the sasldb was updated. For +# these reasons we always want the broker to specify a realm where its +# users live, and we want the users to exist in that realm as well. +$(SASL_DB): + echo guest | $(SASL_PASSWD) -c -p -f $(SASL_DB) -u QPID guest + +CLEANFILES=$(SASL_DB) + endif diff --git a/cpp/etc/qpidd.conf b/cpp/etc/qpidd.conf index bfe4e38bbd..8082660f6f 100644 --- a/cpp/etc/qpidd.conf +++ b/cpp/etc/qpidd.conf @@ -21,4 +21,4 @@ # # (Note: no spaces on either side of '='). Using default settings: # "qpidd --help" or "man qpidd" for more details. -cluster-mechanism=DIGEST-MD5 ANONYMOUS +cluster-mechanism=ANONYMOUS diff --git a/cpp/etc/sasl2/qpidd.conf b/cpp/etc/sasl2/qpidd.conf index d766cb8ef8..3197d7792a 100644 --- a/cpp/etc/sasl2/qpidd.conf +++ b/cpp/etc/sasl2/qpidd.conf @@ -17,8 +17,8 @@ # under the License. # # -# This configuation allows for either SASL ANONYMOUS or DIGEST-MD5 -# authentication. The DIGEST-MD5 authentication is done on a +# This configuation allows for either SASL PLAIN or ANONYMOUS +# authentication. The PLAIN authentication is done on a # username+password, which is stored in the sasldb_path # file. Usernames and passwords can be added to the file using the # command: @@ -39,7 +39,6 @@ pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: /var/lib/qpidd/qpidd.sasldb -mech_list: DIGEST-MD5 ANONYMOUS #following line stops spurious 'sql_select option missing' errors when #cyrus-sql-sasl plugin is installed |