[英]Kerberos authentication for solace queue
Hi I am trying to make a secure connection to a solace queue using Kerberos. 嗨,我正在尝试使用Kerberos建立与安慰队列的安全连接。 I have developed a client side application using Solace JMS APIs.
我已经使用Solace JMS API开发了一个客户端应用程序。 As far as I know we need to implement following steps for secure connection:
据我所知,我们需要执行以下步骤进行安全连接:
1) Add a keytab to Solace Keytab directory 1)将密钥表添加到Solace密钥表目录
2) Use SolAdmin to execute certain config commands on Solace 2)使用SolAdmin在Solace上执行某些配置命令
3) Import Kerberos library and set certain properties on your client side application. 3)导入Kerberos库并在客户端应用程序上设置某些属性。
Following are my doubts regarding the topic 以下是我对该主题的怀疑
1) I want to know if these are the steps we need to follow for a secure connection? 1)我想知道我们是否需要按照以下步骤进行安全连接?
2) What role does a keytab play in establishing an secure connection? 2)密钥表在建立安全连接中扮演什么角色?
3) How do I set an username and password for secure connection using kerberos or is it provided by default? 3)如何设置使用kerberos进行安全连接的用户名和密码,或者默认提供?
4) Other than importing the kerberos libraries and setting some properties, is there anything that should be done as part of client side application? 4)除了导入kerberos库和设置一些属性外,作为客户端应用程序的一部分应该做些什么吗?
Keytab is used because Solace appliance as an "APP" cannot use user/pass authentication, so all the auth is in the keytab. 使用密钥表是因为Solace设备作为“ APP”不能使用用户/通过身份验证,因此所有身份验证都在密钥表中。
the logic interaction between Kerberos and Solace is as follows: Kerberos和Solace之间的逻辑交互如下:
To use Kerberos to authenticate clients connecting to a Solace router, the following configurations are required: 要使用Kerberos验证连接到Solace路由器的客户端,需要进行以下配置:
client-side configuration 客户端配置
Solace router configuration Solace路由器配置
1. SolOS 7.0 or greater must be used.
2. A Kerberos Keytab must be loaded on the router.
3. Kerberos authentication must be configured and enabled for any Message VPNs that Kerberos-authenticated clients will connect to.
4. Optionally, a Kerberos Service Principal Name (SPN) can be assigned to the IP address for the message backbone VRF that will be
used for Kerberos authenticated clients.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.