The Qpid Java Broker has a single reference source (PrincipalDatabase) that defines all the users in the system.

Adding a new user to the system is simply a matter of adding a new entry to the password file. How entries are added, and when the updates take effect, depends on the file format; each format is described below.

Available Password file formats

There are currently two different file formats available for use, depending on the PrincipalDatabase that is desired. In all cases the clients need not be aware of the type of PrincipalDatabase in use; they only need to support the SASL mechanisms it provides.

Plain

The plain file has the following format:

# Plain password authentication file.
# default name : passwd
# Format <username>:<password>
#e.g.
martin:password

The contents of the file are plain text, and the password is taken to be everything to the right of the ':' (colon). The password, therefore, cannot contain a ':', but the colon can be used to delimit the password.

Lines starting with a '#' are treated as comments.

This file is currently re-read for every new connection so changes to the file are immediately available to the broker.

Base64MD5

The Base64MD5 file uses the following format:

# Base64MD5 password authentication file
# default name : qpid.passwd
# Format <username>:<Base64 Encoded MD5 hash of the users password>
#e.g.
martin:X03MO1qnZdYdgyfeuILPmQ==

As with the Plain format, the line is delimited by a ':' (colon). The password field contains the MD5 hash of the user's password, encoded in Base64.

This file is read on broker start-up and is not re-read.
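
The Base64MD5 format can be checked mechanically. The following Python sketch is an added example, not code from the Qpid project or its qpid-passwd tool: it builds an entry, audits file contents for malformed lines, and verifies a password against a stored entry. It assumes the password is hashed as UTF-8 bytes, which reproduces the sample entry above for the password "password"; the function names and the bad sample lines are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample file: one valid entry (the page's example) and two bad lines.
SAMPLE = """\
# Base64MD5 password authentication file
martin:X03MO1qnZdYdgyfeuILPmQ==
alice:secret
line without a delimiter
"""

def _md5(password):
    # Assumption: the password is hashed as UTF-8 bytes.
    return hashlib.md5(password.encode("utf-8")).digest()

def make_entry(username, password):
    """Return one '<username>:<Base64 encoded MD5 hash>' line."""
    if not username or ":" in username or username.startswith("#"):
        raise ValueError("user name must be non-empty, without ':' or leading '#'")
    return f"{username}:{base64.b64encode(_md5(password)).decode('ascii')}"

def parse_file(text):
    """Return ({user: raw 16-byte digest}, [(line number, problem), ...])."""
    users, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        user, sep, field = line.partition(":")  # split at the first ':'
        if not sep or not user:
            problems.append((lineno, "missing user name or ':' delimiter"))
            continue
        try:
            digest = base64.b64decode(field, validate=True)
        except (binascii.Error, ValueError):
            digest = b""
        if len(digest) != hashlib.md5().digest_size:
            problems.append((lineno, f"{user}: field is not a Base64 MD5 hash"))
            continue
        users[user] = digest
    return users, problems

def check_password(users, username, password):
    """Constant-time comparison of the stored digest with the candidate's."""
    stored = users.get(username)
    return stored is not None and hmac.compare_digest(stored, _md5(password))

if __name__ == "__main__":
    users, problems = parse_file(SAMPLE)
    print(sorted(users), problems)
```

Because the field is an unsalted MD5 digest, identical passwords produce identical entries, so treat the file as sensitive and restrict read access to the broker's account.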

To update this file there are two options:

  1. Edit the file by hand, using the qpid-passwd tool to generate the required lines. The output from the tool is the text that needs to be copied into your active password file. (Eventually it is planned for this tool to emulate the functionality of htpasswd for qpid passwd files.) This tool is located in the broker bin directory.
    NOTE: For the changes to be seen by the broker you must either restart the broker or reload the data with the management tools (see Eclipse Management Console Reload Data Tab).
  2. Use the management tools to create a new user (see Eclipse Management Console Create User Tab). The changes will be made by the broker to the password file and the new user will be immediately available to the system.

Dynamic changes to password files.

...

  1. You can replace the file and use the console to reload its contents.
  2. The management console provides an interface to create, delete and amend the users. These changes are written back to the active password file.

...