etc/sasl2/qdrouterd.conf - qpid-dispatch - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #
 #
 #---------------------------------
 # SASL Mechanisms and Users
 #---------------------------------
 #
 # This default mech list allows for PLAIN, but that
 # mechanism sends credentials in the clear, and is normally
 # only used along with SSL transport-layer security.
 #
 # This default also permits DIGEST-MD5, but you must have
 # a user and password defined in your sasldb file to use
 # this mechanism.    ( See notes below. )
 #
 #                              PLEASE NOTE
 #  For production messaging systems, a high-security mechanism such as
 #  DIGEST-MD5 or PLAIN+SSL should be used.
 #
 #
 pwcheck_method: auxprop
 auxprop_plugin: sasldb
 sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb
 mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN


 #---------------------------------
 # Please Note
 #---------------------------------
 #
 # 1. If you use a nonstandard location for your sasl_config directory,
 #    you can point qdrouterd to it by using the container->saslConfigPath
 #    configuration attribute.
 #
 #    If your nonstandard sasl directory is $MY_SASL_DIR, put a copy
 #    of this file at $MY_SASL_DIR/qdrouterd.conf, alter the mech list as
 #    appropriate for your installation, and then use the saslpasswd2
 #    command to add new user+passwd pairs:
 #      echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qdrouterd.sasldb -u QPID $USERNAME
 #
 #
 # 2. The standard location for the qdrouterd sasldb file is
 #       /var/lib/qdrouterd/qdrouterd.sasldb
 #
 # 3. You can see what usernames have been stored in the sasldb, with the
 #    command "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb"
 #
 # 4. The sasldb file must be readable by the user running the qdrouterd
 #    daemon, ( the user name is qdrouterd ) and should be readable only
 #    by that user.
 #
 # 5. The EXTERNAL mechanism allows you to use SSL transport layer
 #    security.  In that case, you can also set the broker option
 #    --ssl-require-client-authentication .


 # The following line stops spurious 'sql_select option missing' errors when
 # cyrus-sql-sasl plugin is installed
 sql_select: dummy select
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#
	#
	#---------------------------------
	# SASL Mechanisms and Users
	#---------------------------------
	#
	# This default mech list allows for PLAIN, but that
	# mechanism sends credentials in the clear, and is normally
	# only used along with SSL transport-layer security.
	#
	# This default also permits DIGEST-MD5, but you must have
	# a user and password defined in your sasldb file to use
	# this mechanism. ( See notes below. )
	#
	# PLEASE NOTE
	# For production messaging systems, a high-security mechanism such as
	# DIGEST-MD5 or PLAIN+SSL should be used.
	#
	#
	pwcheck_method: auxprop
	auxprop_plugin: sasldb
	sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb
	mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN



	#---------------------------------
	# Please Note
	#---------------------------------
	#
	# 1. If you use a nonstandard location for your sasl_config directory,
	# you can point qdrouterd to it by using the container->saslConfigPath
	# configuration attribute.
	#
	# If your nonstandard sasl directory is $MY_SASL_DIR, put a copy
	# of this file at $MY_SASL_DIR/qdrouterd.conf, alter the mech list as
	# appropriate for your installation, and then use the saslpasswd2
	# command to add new user+passwd pairs:
	# echo $PASSWD \| saslpasswd2 -c -p -f $MY_SASL_DIR/qdrouterd.sasldb -u QPID $USERNAME
	#
	#
	# 2. The standard location for the qdrouterd sasldb file is
	# /var/lib/qdrouterd/qdrouterd.sasldb
	#
	# 3. You can see what usernames have been stored in the sasldb, with the
	# command "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb"
	#
	# 4. The sasldb file must be readable by the user running the qdrouterd
	# daemon, ( the user name is qdrouterd ) and should be readable only
	# by that user.
	#
	# 5. The EXTERNAL mechanism allows you to use SSL transport layer
	# security. In that case, you can also set the broker option
	# --ssl-require-client-authentication .



	# The following line stops spurious 'sql_select option missing' errors when
	# cyrus-sql-sasl plugin is installed
	sql_select: dummy select