Book: How to Configure Server Security
Revision: 3054cc5
Section: A.2.1. Support Level for SASL Authentication Mechanisms
This issue follows up on original JBEAP-7694.
Information how and when to use SASL mechanisms. Hopefully DEV team can provide these information. The form could be for instance a set of examples - e.g. (this are just few pieces based on testing):
- when you want to authenticate with Kerberos, use one of GSSAPI, GS2-KRB5, GS2-KRB5-PLUS
- for SSL/TLS client certificate authentication use EXTERNAL mechanism
- when you need a password credentials propagation to be working on server, use PLAIN mechanism
- for authentication without credentials use ANONYMOUS mechanism
- when mechanism has its channel binding variant (-PLUS), use it always when the underlying connection is a SSL/TLS one
- clones
-
JBEAP-13253 [7.1] Add information how and when to use SASL mechanisms
- Closed