Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13253

[7.1] Add information how and when to use SASL mechanisms

    XMLWordPrintable

Details

    Description

      Book: How to Configure Server Security
      Revision: 3054cc5
      Section: A.2.1. Support Level for SASL Authentication Mechanisms

      This issue follows up on original JBEAP-7694.

      Information how and when to use SASL mechanisms. Hopefully DEV team can provide these information. The form could be for instance a set of examples - e.g. (this are just few pieces based on testing):

      • when you want to authenticate with Kerberos, use one of GSSAPI, GS2-KRB5, GS2-KRB5-PLUS
      • for SSL/TLS client certificate authentication use EXTERNAL mechanism
      • when you need a password credentials propagation to be working on server, use PLAIN mechanism
      • for authentication without credentials use ANONYMOUS mechanism
      • when mechanism has its channel binding variant (-PLUS), use it always when the underlying connection is a SSL/TLS one

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-14342 [EO12] Add information how and when to use SASL mechanisms

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Requirement - Used for conducting internal reviews of our products and process with 3rd party auditors JBEAP-7694 [DOC RFE] Provide a set of SASL authentication mechanisms

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              lcosti.redhat Lucas Costi (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: