# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # #--------------------------------- # SASL Mechanisms and Users #--------------------------------- # # This default mech list allows for PLAIN, but that # mechanism sends credentials in the clear, and is normally # only used along with SSL transport-layer security. # # This default also permits DIGEST-MD5, but you must have # a user and password defined in your sasldb file to use # this mechanism. ( See notes below. ) # # PLEASE NOTE # For production messaging systems, a high-security mechanism such as # DIGEST-MD5 or PLAIN+SSL should be used. # # pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN #--------------------------------- # Please Note #--------------------------------- # # 1. If you use a nonstandard location for your sasl_config directory, # you can point qdrouterd to it by using the container->saslConfigPath # configuration attribute. # # If your nonstandard sasl directory is $MY_SASL_DIR, put a copy # of this file at $MY_SASL_DIR/qdrouterd.conf, alter the mech list as # appropriate for your installation, and then use the saslpasswd2 # command to add new user+passwd pairs: # echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qdrouterd.sasldb -u QPID $USERNAME # # # 2. The standard location for the qdrouterd sasldb file is # /var/lib/qdrouterd/qdrouterd.sasldb # # 3. You can see what usernames have been stored in the sasldb, with the # command "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb" # # 4. The sasldb file must be readable by the user running the qdrouterd # daemon, ( the user name is qdrouterd ) and should be readable only # by that user. # # 5. The EXTERNAL mechanism allows you to use SSL transport layer # security. In that case, you can also set the broker option # --ssl-require-client-authentication . # The following line stops spurious 'sql_select option missing' errors when # cyrus-sql-sasl plugin is installed sql_select: dummy select