Bug 1268433

Summary: None of the qpid command line tools work if the broker is configured w/SASL and AMQP1.0
Product: Red Hat Enterprise MRG Reporter: Ken Giusti <kgiusti>
Component: qpid-toolsAssignee: messaging-bugs <messaging-bugs>
Status: NEW --- QA Contact: Messaging QE <messaging-qe-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.2CC: astitcher, gsim, jross
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ken Giusti 2015-10-02 19:43:18 UTC 
Description of problem:


When using AMQP1.0 clients with qpidd and authenticating with SASL DIGEST-MD5 or GSSAPI, the broker's sasl-service-name must be set to "amqp" for the clients to be authorized.

However, this causes the qpid-tools command line tools to fail as they set the sasl service name to 'qpidd'.

How to reproduce:

Configure broker to use SASL with DIGEST-MD5 as the only acceptable mech.

Attempt to run qpid-config against the broker:

 qpid-config -b amqp://<user>/<pw>@<hostname:port> 

this will fail with an authentication error (check qpidd logs --log-enable info+)
Comment 1 Ken Giusti 2015-10-02 19:51:23 UTC 
Ugh - forgot the most important part:

set sasl-service-name to amqp in the broker config.

Confirm that AMQP1.0 test clients can authenticate using DIGEST-MD5
Comment 2 Ken Giusti 2015-10-08 12:44:37 UTC 
Fix pushed upstream - two patches:

https://svn.apache.org/viewvc?view=revision&revision=r1706480
https://svn.apache.org/viewvc?view=revision&revision=r1706484
Comment 3 Ken Giusti 2015-10-08 17:18:12 UTC 
Reopening.  Andrew has suggested a less intrusive fix.