【发布时间】:2020-10-19 02:35:04
【问题描述】:
我们正在向 Jgroups 引入 SASL 安全性,但我们不想直接在 jgroups 配置 xml 中公开密码。保护密码 client_password="password123" 的最佳方法是什么?
<TCP bind_addr="172.25.90.xxx" bind_port="7750"
enable_diagnostics="false" thread_naming_pattern="pl"
send_buf_size="640k" sock_conn_timeout="300"
bundler_type="sender-sends-with-timer"
oob_thread_pool.queue_enabled="false" />
<MPING bind_addr="172.25.90.xxx"
mcast_addr="${jgroups.mping.mcast_addr:228.2.4.6}"
mcast_port="${jgroups.mping.mcast_port:43366}"
ip_ttl="${jgroups.udp.ip_ttl:2}" />
<MERGE3 min_interval="10000" max_interval="30000" />
<FD_SOCK />
<FD_ALL timeout="60000" interval="15000"
timeout_check_interval="5000" />
<VERIFY_SUSPECT timeout="5000" />
<pbcast.NAKACK2 use_mcast_xmit="false"
max_msg_batch_size="100" resend_last_seqno="true" />
<UNICAST3 xmit_interval="500" xmit_table_num_rows="50"
max_msg_batch_size="100" conn_expiry_timeout="0" />
<pbcast.STABLE stability_delay="500"
desired_avg_gossip="5000" max_bytes="1M" />
<SASL mech="DIGEST-MD5" client_name="SANADMA"
client_password="password123" server_callback_handler_class="org.jgroups.auth.sasl.SimpleAuthorizingCallbackHandler"client_callback_handler_class="org.jgroups.auth.sasl.SimpleAuthorizingCallbackHandler"sasl_props="com.sun.security.sasl.digest.realm=test_realm" /><pbcast.GMS print_local_addr="false" join_timeout="${jgroups.join_timeout:5000}" /><MFC max_credits="2m" min_threshold="0.40" /><FRAG2 /></config>
【问题讨论】:
标签: security authentication infinispan sasl jgroups