SASL policies provide fine-grain control over Hot Rod and Memcached authentication mechanisms.
Tip
|
{brandname} cache authorization restricts access to caches based on roles and
permissions.
Configure cache authorization and then set |
Policy | Description | Default value |
---|---|---|
|
Use only SASL mechanisms that support forward secrecy between sessions. This means that breaking into one session does not automatically provide information for breaking into future sessions. |
false |
|
Use only SASL mechanisms that require client credentials. |
false |
|
Do not use SASL mechanisms that are susceptible to simple plain passive attacks. |
false |
|
Do not use SASL mechanisms that are susceptible to active, non-dictionary, attacks. |
false |
|
Do not use SASL mechanisms that are susceptible to passive dictionary attacks. |
false |
|
Do not use SASL mechanisms that accept anonymous logins. |
true |
In the following configuration the Hot Rod endpoint uses the GSSAPI
mechanism for authentication because it is the only mechanism that complies with all SASL policies:
link:xml/hotrod_connector_policies.xml[role=include]
link:json/hotrod_connector_policies.json[role=include]
link:yaml/hotrod_connector_policies.yaml[role=include]