From 50083a9b6553d832856bc7d402dd186f74d80254 Mon Sep 17 00:00:00 2001
From: Alan Conway <aconway@apache.org>
Date: Tue, 6 Dec 2011 15:56:40 +0000
Subject: QPID-3652: Fix cluster authentication.

Only allow brokers that authenticate as the cluster-username to join a cluster.

New broker first connects to  a cluster broker authenticates as the cluster-username
and sends its CPG member ID to the qpid.cluster-credentials exchange.
The cluster broker that subsequently acts as updater verifies that the credentials are
valid before connecting to give the update.

NOTE 1: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:

acl allow foo@QPID publish exchange name=qpid.cluster-credentials

NOTE 2: This changes the cluster initialization protocol, you will
need to restart the cluster with all new version brokers.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1210989 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/xml/cluster.xml | 1 +
 1 file changed, 1 insertion(+)

(limited to 'cpp/xml')

diff --git a/cpp/xml/cluster.xml b/cpp/xml/cluster.xml
index 3865916d97..7b3f2fe63b 100644
--- a/cpp/xml/cluster.xml
+++ b/cpp/xml/cluster.xml
@@ -65,6 +65,7 @@
       <field name="store-state" type="store-state"/>
       <field name="shutdown-id" type="uuid"/>
       <field name="first-config" type="str16"/>
+      <field name="urls" type="array"/>	       <!-- Array of str16 -->
     </control>
 
     <!-- New member or updater is ready as an active member. -->
-- 
cgit v1.2.1