Support TextFileCertificateLoginModule without using init container #724
Comments
Wondering if there really is a need to change the jaas-domain; the TextFileCertificateLoginModule can be added as a sufficient module in the default "activemq" domain. The generic jaas callback will be able to provide it with the certs from any tls endpoint.
Added some details. I want to use https://activemq.apache.org/components/artemis/documentation/latest/security.html#dual-authentication, following the doc https://github.com/artemiscloud/activemq-artemis-operator/blob/main/docs/help/operator.md#configuring-jaas-for-brokers, using the below configuration:
Then I connected the amq with certificates, I got
Then I only keep the TextFileCertificateLoginModule plugin
then I got
It seems I need to configure the amq
@skeeey your first configuration with both login modules in the
@brusdev, thanks for your feedback, I will have a try
I changed to
when I pub a message with MQTT

```
mosquitto_pub --cafile server-ca.crt --cert client-cert.pem --key client-key.pem -h "" -p 443 -t 'test' -m 'hello' -d
```

my cr is https://github.com/skeeey/acm-scaffold/blob/master/amq-broker/amq.yaml

BTW, if I only enable the mTLS it works
@skeeey if mTLS works that issue should be due to a mismatch between the certificate and the user properties file of the TextFileCertificateLoginModule. For further details you can ask the ActiveMQ users mailing list.
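One way to check for the mismatch suggested in the comment above, as an added example that is not part of the thread or the project's code: it compares a certificate subject DN against the entries of a users properties file. The `user=DN` line format, the sample entries and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample of a certificate users file, one user=DN entry per line
# (assumed format; these entries are not from the thread).
SAMPLE_USERS = """\
# user = certificate subject DN
alice=CN=alice, O=Example, C=US
bob=C=US,O=Example,CN=bob
"""

def parse_users(text):
    """Map user name -> DN string, skipping blanks and comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        user, sep, dn = line.partition("=")  # the DN itself contains '='
        if sep:
            users[user.strip()] = dn.strip()
    return users

def normalize_dn(dn):
    """Order-, spacing- and attribute-case-insensitive form of a DN."""
    rdns = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    pairs = (rdn.partition("=") for rdn in rdns)
    return frozenset((a.strip().upper(), v.strip()) for a, _, v in pairs)

def check_subject(subject_dn, users):
    """Return (user, 'exact' | 'normalized') or (None, None)."""
    for user, dn in users.items():
        if dn == subject_dn:
            return user, "exact"
    wanted = normalize_dn(subject_dn)
    for user, dn in users.items():
        if normalize_dn(dn) == wanted:
            return user, "normalized"
    return None, None

if __name__ == "__main__":
    users = parse_users(SAMPLE_USERS)
    for subject in ("CN=alice, O=Example, C=US", "CN=bob,O=Example,C=US",
                    "CN=carol,O=Example,C=US"):
        print(subject, "->", check_subject(subject, users))
```

A `normalized` result means the file entry and the certificate subject differ only in spacing, attribute case or RDN order, so the entry is worth rewriting to match the subject string exactly.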
Is your feature request related to a problem? Please describe.
Currently adding the TextFileCertificateLoginModule login module using the jaas-config secret is not enough; the user has to modify bootstrap.xml to add certificate-domain like this as required:
Using a custom init image it can be done. A better solution should be provided to eliminate the use of the init image.