THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Component | ANONYMOUS | CRAM-MD5 | DIGEST-MD5 | EXTERNAL | GSSAPI/Kerberos | PLAIN | ||
|---|---|---|---|---|---|---|---|---|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="803e9d87a77d48e5-3a65e084-43a947c8-a3cc9072-48297b0e83e9422d758db37f"><ac:plain-text-body><![CDATA[ | C++ Broker | M3[[#1]] | M3[[#1],[#2]] |
|
|
| M1 | ]]></ac:plain-text-body></ac:structured-macro> |
C++ Client |
|
|
|
|
| M1 | ||
Java Broker |
| M1 |
|
|
| M1 | ||
Java Client |
| M1 |
|
|
| M1 | ||
.Net Client | M2 | M2 | M2 | M2 |
| M2 | ||
Python Client |
|
|
|
|
| ? | ||
Ruby Client |
|
|
|
|
| ? |
...
The CRAM-MD5-HASHED SASL plugin removes the need for the plain text password to be stored on disk. The mechanism defers all functionality to the build in CRAM-MD5 module the only change is on the client side where it generates the hash of the password and uses that value as the password. This means that the Java Broker only need store the password hash on the file system. While a one way hash is not very secure compared to other forms of encryption in environments where the having the password in plain text is unacceptable this will provide and additional layer to protect the password. In particular this offers some protection where the same password may be shared amongst many systems. It offers no real extra protection against attacks on the broker (the secret is now the hash rather than the password).