| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| #--------------------------------- |
| # SASL Mechanisms and Users |
| #--------------------------------- |
| # |
| # This default mech list allows for PLAIN, but that |
| # mechanism sends credentials in the clear, and is normally |
| # only used along with SSL transport-layer security. |
| # |
| # This default also permits DIGEST-MD5, but you must have |
| # a user and password defined in your sasldb file to use |
| # this mechanism. ( See notes below. ) |
| # |
| # PLEASE NOTE |
| # For production messaging systems, a high-security mechanism such as |
| # DIGEST-MD5 or PLAIN+SSL should be used. |
| # |
| # |
| pwcheck_method: auxprop |
| auxprop_plugin: sasldb |
| sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb |
| mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN |
| |
| |
| |
| #--------------------------------- |
| # Please Note |
| #--------------------------------- |
| # |
| # 1. If you use a nonstandard location for your sasl_config directory, |
| # you can point qdrouterd to it by using the container->saslConfigPath |
| # configuration attribute. |
| # |
| # If your nonstandard sasl directory is $MY_SASL_DIR, put a copy |
| # of this file at $MY_SASL_DIR/qdrouterd.conf, alter the mech list as |
| # appropriate for your installation, and then use the saslpasswd2 |
| # command to add new user+passwd pairs: |
| # echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qdrouterd.sasldb -u QPID $USERNAME |
| # |
| # |
| # 2. The standard location for the qdrouterd sasldb file is |
| # /var/lib/qdrouterd/qdrouterd.sasldb |
| # |
| # 3. You can see what usernames have been stored in the sasldb, with the |
| # command "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb" |
| # |
| # 4. The sasldb file must be readable by the user running the qdrouterd |
| # daemon, ( the user name is qdrouterd ) and should be readable only |
| # by that user. |
| # |
| # 5. The EXTERNAL mechanism allows you to use SSL transport layer |
| # security. In that case, you can also set the broker option |
| # --ssl-require-client-authentication . |
| |
| |
| |
| # The following line stops spurious 'sql_select option missing' errors when |
| # cyrus-sql-sasl plugin is installed |
| sql_select: dummy select |
| |
| |
| |