THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
ACL supports realms and allows for granular permission to be set on all the broker actions including management on an user or group basis.
How to setup Kerberos with the Java client
You could force the java client to use kerberos auth by specifying it in the connection URL as follows.
| Code Block |
|---|
amqp://guest:guest@clientid/testpath?brokerlist='tcp://localhost:5672?'&sasl_mechs='GSSAPI'
|
You would then need to pass in the following jvm arguments
| Code Block |
|---|
-Djavax.security.auth.useSubjectCredsOnly=false
# (This will force the SASL GASSPI client to obtain the kerberos credentials explicitly instead of obtaining from the "subject" that owns the currents thread)
-Djava.security.auth.login.config=myjas.conf (this specifies the jass config file)
-Dsun.security.krb5.debug=true (to enable detailed debug info for troubleshooting)
|
Before running the java client you would need to do kinit and grab a kerberos ticket. Alternative you could set useTicketCache=false and when the client loads, it will prompt you for the user/pass and will obtain the ticket
(You would also need to setup your kerberos environment properly -refer to doc links below).
Sample JASS Config file
| Code Block |
|---|
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
|
Performance
Does Qpid Perform (Latency/Throughput)?
...