https://web.mit.edu/kerberos/krb5-devel/doc/mitK5defaults.html#mitk5defaults
Absolutly the best summary of knowledge which you can find about (cyrus-sasl): https://www.arschkrebs.de/slides/surviving_cyrus_sasl-handout.pdf
- Installed qpid-dispatch (qdrouterd)
- Installed cyrus-sasl cyrus-sasl-gssapi
- Configured Kerberos enviroment (TODO readme)
- Prepared keytabs for qdrouterd, clients (It depends on your Kerberos enviroment)
- /etc/qpid-dispatch/qdrouterd.conf
- configure router { saslConfigPath: /etc/sasl2; saslConfigName: qdrouterd}
- set listener {authenticatePeer:yes; saslMechanisms: GSSAPI}
- /etc/sasl2/kerberos_qdrouterd.conf
- set keytab: /etc/keytabs/qdrouterd.keytab
- set mech_list: GSSAPI
- /etc/examplecom_krb5.conf (Example with Kerberos FreeIPA enviroment)
KRB5_CONFIG=/etc/examplecom_krb5.conf qdrouterd
https://github.com/pematous/cli-proton-python
KRB5_CONFIG=/etc/examplecom_krb5.conf KRB5_KTNAME=/etc/keytabs/client1.keytab cli-proton-python-sender -b server.example.com:5672/example --conn-allowed-mechs=GSSAPI --log-msgs=dict --timeout=10 -c 10
KRB5_CONFIG=/etc/examplecom_krb5.conf KRB5_KTNAME=/etc/keytabs/client2.keytab cli-proton-python-receiver -b server.example.com:5672/example --conn-allowed-mechs=GSSAPI --log-msgs=dict --timeout=10 -c 10