Description of problem: Even after qpid authentication clean-up (bug 846465) there is situation when qpidd produce misleading error: from c++ client warning Closing connection due to internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) from python client Failed: AuthenticationFailure - Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found This message seems to be general SASL client error also shown in case when some authentication mechanisms are restricted in /etc/sasl2/qpidd.conf: /etc/sasl2/qpidd.conf:mech_list: DIGEST-MD5 PLAIN and client ommited to specify user credentials: qpid-send --content-string "A" --connection-options "{sasl_mechanisms:DIGEST-MD5}" -a "myq;{create: sender, delete:sender}" qpid-stat -g [--sasl-mechanism=DIGEST-MD5] Error message above listed refer to situation when there is no common authentication mechanism on server and client side. But as seen above and also below same error is reported when there is common uthentication mechanism on server and client side but just credentials are not supplied. Version-Release number of selected component (if applicable): python-qpid-0.18-4.el6.noarch python-qpid-qmf-0.18-13.el6.x86_64 qpid-cpp-client-0.18-13.el6.x86_64 qpid-cpp-client-devel-0.18-13.el6.x86_64 qpid-cpp-client-devel-docs-0.18-13.el6.noarch qpid-cpp-client-rdma-0.18-13.el6.x86_64 qpid-cpp-client-ssl-0.18-13.el6.x86_64 qpid-cpp-debuginfo-0.18-13.el6.x86_64 qpid-cpp-server-0.18-13.el6.x86_64 qpid-cpp-server-cluster-0.18-13.el6.x86_64 qpid-cpp-server-devel-0.18-13.el6.x86_64 qpid-cpp-server-ha-0.18-13.el6.x86_64 qpid-cpp-server-rdma-0.18-13.el6.x86_64 qpid-cpp-server-ssl-0.18-13.el6.x86_64 qpid-cpp-server-store-0.18-13.el6.x86_64 qpid-cpp-server-xml-0.18-13.el6.x86_64 qpid-java-client-0.18-6.el6.noarch qpid-java-common-0.18-6.el6.noarch qpid-java-example-0.18-6.el6.noarch qpid-jca-0.18-7.el6.noarch qpid-jca-xarecovery-0.18-7.el6.noarch qpid-jca-zip-0.18-7.el6.noarch qpid-qmf-0.18-13.el6.x86_64 qpid-qmf-debuginfo-0.18-13.el6.x86_64 qpid-qmf-devel-0.18-13.el6.x86_64 qpid-tests-0.18-2.el6.noarch qpid-tools-0.18-7.el6_3.noarch rh-qpid-cpp-tests-0.18-13.el6.x86_64 ruby-qpid-qmf-0.18-13.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. change mech_list: /etc/sasl2/qpidd.conf:mech_list: DIGEST-MD5 PLAIN make sure auth=yes is in place for /etc/qpidd.conf make sure cyrus-sasl-md5 is installed 2. service qpidd restart 3. qpid-stat -g --sasl-mechanism=DIGEST-MD5 pid-send --connection-options "{sasl_mechanisms:DIGEST-MD5}" -a "Q;{create: sender, delete:sender}" 4. error should not be misleading See below transcript for details... Actual results: Misleading authentication error when credentials are not provided (but mechanism can be used). Expected results: Corrent and clear authentication error when credentials are not provided (but mechanism can be used). Additional info: # server machine (check on the same machine) [root@dhcp-37-178 ~]# grep ^mech_list $(rpm -qlc qpid-cpp-server) /etc/sasl2/qpidd.conf:mech_list: DIGEST-MD5 PLAIN [root@dhcp-37-178 ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb guest@QPID: userPassword [root@dhcp-37-178 ~]# grep = /etc/qpidd.conf mgmt-pub-interval=5 cluster-name=mycluster_X.178_X.179_X.181_X.192 log-enable=debug+ log-to-file=/var/lib/qpidd/qpidd.log auth=yes max-negotiate-time=60000 [root@dhcp-37-178 ~]# rpm -qa | grep cyrus-sasl cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 [root@dhcp-37-178 ~]# qpid-stat -g Failed: AuthenticationFailure - Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found [root@dhcp-37-178 ~]# qpid-stat -g --sasl-mechanism=DIGEST-MD5 Failed: AuthenticationFailure - Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found [root@dhcp-37-178 ~]# qpid-stat -g -b guest/guest@localhost --sasl-mechanism=DIGEST-MD5 Broker Summary: uptime cluster connections sessions exchanges queues ========================================================================================================================== 10m 24s mycluster_X.178_X.179_X.181_X.192<ACTIVE> 1 1 9 10 # client machine (check client<->server) [root@dhcp-37-181 ~]# rpm -qa | grep cyrus-sasl cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 05:56:57 [Client] warning Closing connection due to internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) qpid-send: internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) 1 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 05:57:04 [Client] info Trying to connect to dhcp-37-178... 2013-01-21 05:57:04 [Client] warning Closing connection due to internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) qpid-send: internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) 1 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{username:guest}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 05:57:15 [Client] info Trying to connect to dhcp-37-178... Please enter your password 2013-01-21 05:57:17 [Security] info Installing security layer, SSF: 128 2013-01-21 05:57:17 [Client] info Connected to dhcp-37-178 0 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{username:guest, password:guest}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 05:57:26 [Client] info Trying to connect to dhcp-37-178... 2013-01-21 05:57:26 [Security] info Installing security layer, SSF: 128 2013-01-21 05:57:26 [Client] info Connected to dhcp-37-178 0 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{sasl_mechanisms:DIGEST-MD5}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 06:12:49 [Client] info Trying to connect to dhcp-37-178... 2013-01-21 06:12:49 [Client] warning Closing connection due to internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) qpid-send: internal-error: Sasl error: SASL(-4): no mechanism available: No worthy mechs found (qpid/SaslFactory.cpp:280) 1 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{sasl_mechanisms:DIGEST-MD5, username:guest}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 06:13:32 [Client] info Trying to connect to dhcp-37-178... Please enter your password 2013-01-21 06:13:34 [Security] info Installing security layer, SSF: 128 2013-01-21 06:13:34 [Client] info Connected to dhcp-37-178 0 [root@dhcp-37-181 ~]# /opt/rh-qpid/clients/qpid-send --broker dhcp-37-178 --log-enable info+ --content-string "A" --connection-options "{sasl_mechanisms:DIGEST-MD5, username:guest, password:guest}" -a "myq;{create: sender, delete:sender}" ; echo $? 2013-01-21 06:13:42 [Client] info Trying to connect to dhcp-37-178... 2013-01-21 06:13:42 [Security] info Installing security layer, SSF: 128 2013-01-21 06:13:42 [Client] info Connected to dhcp-37-178 0
Same problem appears in auth=no mode, see bug 908749 comment 0, specifically cases ABCD6 and ABCD9.
Manually retested this forgotten bug using the latest 3.2.0 packages on both rhel6 archs, and rhel7. "No worthy mechs found" is not always showing up. Instead, meaningful errors are reported like "qpid-send: Can't authenticate using PLAIN DIGEST-MD5" Desired mechanism(s) not valid: CRAM-MD5 (supported: DIGEST-MD5 PLAIN) (/builddir/build/BUILD/qpid-cpp-0.34/src/qpid/client/ConnectionHandler.cpp:260) Anonymous connections disabled, missing credentials qpid-cpp-server-0.34-1.el6.i686 qpid-cpp-client-0.34-1.el6.i686 python-qpid-0.34-1.el6.noarch Marking as verified
can this be marked as closed yet ?