Appendix A. Using Cyrus SASL to Provide Authentication
AMQ Interconnect uses the Cyrus SASL library for SASL authentication. Therefore, if you want to use SASL, you must set up the Cyrus SASL database and configure it.
A.1. Generating a SASL Database
To generate a SASL database to store credentials, enter the following command:
$ sudo saslpasswd2 -c -f SASL_DATABASE_NAME.sasldb -u DOMAIN_NAME USER_NAME
This command creates or updates the specified SASL database, and adds the specified user name to it. The command also prompts you for the user name’s password.
The full user name is the user name you entered plus the domain name (USER_NAME@DOMAIN_NAME). Providing a domain name is not required when you add a user to the database, but if you do not provide one, a default domain will be added automatically (the hostname of the machine on which the tool is running). For example, in the command above, the full user name would be user1@domain.com.
A.2. Viewing Users in a SASL Database
To view the user names stored in the SASL database:
$ sudo sasldblistusers2 -f qdrouterd.sasldb
user2@domain.com: PASSWORD
user1@domain.com: PASSWORD
A.3. Configuring a SASL Database
To use the SASL database to provide authentication in AMQ Interconnect:
- Open the /etc/sasl2/qdrouterd.conf configuration file. Set the following attributes:
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: SASL_DATABASE_NAME
mech_list: MECHANISM1 ...
sasldb_path
The name of the SASL database to use.
For example:
sasldb_path: qdrouterd.sasldb
mech_list
The SASL mechanisms to enable for authentication. To add multiple mechanisms, separate each entry with a space.
For example:
mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
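The following script is an added example, not part of the AMQ Interconnect documentation. It checks a configuration file for the attributes described in A.3, flags enabled mechanisms that provide no authentication or expose the password, and flags a credentials database that other users can access. The function names and finding labels are hypothetical, and the sample file is constructed from the example values on this page.

```shell
#!/bin/sh
# Added example (not from the product documentation): audit a Cyrus SASL
# config that follows the attribute layout of /etc/sasl2/qdrouterd.conf.
# Function names and finding labels are hypothetical.

# Print the value of "KEY: value" from FILE (last occurrence wins).
sasl_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; no output means every check passed.
audit_sasl_conf() {
    conf=$1
    [ "$(sasl_opt "$conf" pwcheck_method)" = auxprop ] ||
        echo "CONFIG pwcheck_method is not auxprop"
    [ "$(sasl_opt "$conf" auxprop_plugin)" = sasldb ] ||
        echo "CONFIG auxprop_plugin is not sasldb"
    db=$(sasl_opt "$conf" sasldb_path)
    [ -n "$db" ] || echo "CONFIG sasldb_path is not set"
    mechs=$(sasl_opt "$conf" mech_list | tr 'a-z' 'A-Z')
    [ -n "$mechs" ] || echo "CONFIG mech_list is not set"
    for m in $mechs; do
        case $m in
            ANONYMOUS)  echo "WEAK ANONYMOUS: clients connect without credentials" ;;
            PLAIN)      echo "WEAK PLAIN: password is sent as-is, allow only over TLS" ;;
            DIGEST-MD5) echo "WEAK DIGEST-MD5: obsolete mechanism (RFC 6331)" ;;
        esac
    done
    # The database stores credentials; flag it when "other" has any access.
    if [ -n "$db" ] && [ -f "$db" ]; then
        case $(ls -ldL "$db") in
            -??????---*) ;;
            *) echo "PERMS $db is accessible to other users" ;;
        esac
    fi
    return 0
}

# Constructed sample: the example values shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: qdrouterd.sasldb
mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
EOF
audit_sasl_conf "$sample"
rm -f "$sample"
```

Run against the page's example mech_list, the script reports ANONYMOUS, DIGEST-MD5 and PLAIN; EXTERNAL is not flagged.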