qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1354) Disable problematic SASL mechanisms if they are not explicitly enabled
Date Tue, 12 Jun 2018 20:27:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510157#comment-16510157
] 

ASF GitHub Bot commented on PROTON-1354:
----------------------------------------

GitHub user astitcher opened a pull request:

    https://github.com/apache/qpid-proton/pull/148

    PROTON-1354: Don't allow SASL mechanisms GSSAPI or GSS-SPNEGO by default

    Small change that fixes a pain point if you have kerberos on you client machine but aren't
using it for proton.
    
    The SASL handling is changed so that if you want to use kerberos you now need to tell
the pn_sasl_allowed_mechs() API on both the client and server that you allow GSSAPI and/or
GSS-SPNEGO mechanisms (along with any other mechanisms you want).
    
    The logic here is that you are very unlikely to want GSSAPI unless you have specifically
set it up and then you will know that and can allow it specifically.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/astitcher/qpid-proton proton-1354

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/qpid-proton/pull/148.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #148
    
----
commit bad63dc878856bd9fb657f03eb008cad02f44098
Author: Andrew Stitcher <astitcher@...>
Date:   2018-06-12T20:17:42Z

    PROTON-1354: Don't allow SASL mechanisms GSSAPI or GSS-SPNEGO by default
    - If you want to use these mechanisms they must be explicitly set in the
      allowed mechanisms list for server and client that are connecting

----


> Disable problematic SASL mechanisms if they are not explicitly enabled
> ----------------------------------------------------------------------
>
>                 Key: PROTON-1354
>                 URL: https://issues.apache.org/jira/browse/PROTON-1354
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Justin Ross
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: sasl, usability
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message