qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Ritchie" <ritch...@apache.org>
Subject Re: What SASL mechanisms does Qpid Support?
Date Sun, 27 Apr 2008 22:47:24 GMT
2008/4/27 Carl Trieloff <cctrieloff@redhat.com>:
>
> Tomas Restrepo wrote:
>
> > Hi Marnie,
> >
> >
> >
> > >  I don't know of any samples though thinking about it I believe it was
> the
> > >  .NET guys that did some work on this stuff.
> > >
> > >  Anyone know better/more ?
> > >
> > >
> >
> > I did most of the authentication support on the .NET client,
> > implementing the core SASL support. Currently the .NET client itself
> > should support Anonymous, CRAM-MD5, Digest, Plain and External (useful
> > if eventually implicit SSL with client-side certificates are supported
> > by the spec).
> >
> > From what I remember, though, the Java client only supported Plain and
> > CRAM-MD5 (and one of them had an issue which I do not know if it was
> > fixed or not).
> >
> >
> >
>  To complete the picture,
>
>  The M3 C++ broker also now has full SASL support. If you look at the
> patches Matthew
>  submitted -- I think Gordon might still be working some final updates for
> 0-10 final though -
>  sure he will comment when he sees the thread.
>
>  Carl.

The Java client will log out the password when set to debug level
logging otherwise it * out the value.

The Java broker does have a bug in it with AMQPLAIN and PLAIN
authentication, implementations. (QPID-474)

The Java broker/client also implements a modified CRAM-MD5 called
CRAM-MD5-HASHED where the hash of the password is used to
authenticate. This means the broker never needs to know the full
password, only the hash is ever stored on disk.

Hope that helps,

Martin

-- 
Martin Ritchie

Mime
View raw message