Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-13621

Docs: SASL policy examples need to be updated

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • None
    • Documentation
    • None

      'policy' is now an XML attribute on the SASL element

      Old

      <sasl server-name="myhotrodserver"
      mechanisms="PLAIN DIGEST-MD5 GSSAPI EXTERNAL"
      qop="auth">
      <!-- Defines policies for SASL mechanisms. -->
      <policy>
      <no-active value="true" />
      <no-anonymous value="true" />
      <no-plain-text value="true" />
      </policy>
      </sasl>

      New

      <sasl server-name="myhotrodserver" mechanisms="PLAIN DIGEST-MD5 GSSAPI EXTERNAL" qop="auth" strength="high medium low" policy="forward-secrecy no-active no-anonymous no-dictionary no-plain-text pass-credentials">

      Elytron SASL implementations of the mechs, and the absence of the property is identical to it being false

      Each property's value is either "true" or "false". If a property is absent, then the resulting mechanism need not have that characteristic (that is, the value is effectively "false").

      javax.security.sasl.policy.noanonymous
      Specifies that the selected SASL mechanism must not accept anonymous logins.

      the only mechs that support no-anonymous=false are EXTERNAL and ANONYMOUS

              dnaro@redhat.com Donald Naro
              dnaro@redhat.com Donald Naro
              Archiver:
              rhn-support-adongare Amol Dongare

                Created:
                Updated:
                Resolved:
                Archived: