Bug 710429
| Summary: | qpid-cluster, qpid-tool and qmf-tool do not allow SASL mechanism to be chosen | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Gordon Sim <gsim> |
| Component: | qpid-tools | Assignee: | Ernie <eallen> |
| Status: | CLOSED ERRATA | QA Contact: | mick <mgoulish> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.0 | CC: | eallen, iboverma, jross, lzhaldyb, mgoulish |
| Target Milestone: | 3.0 | Keywords: | Improvement, Patch |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | qpid-tools-0.22-3.el6, qpid-tools-0.22-3.el5 | Doc Type: | Enhancement |
| Doc Text: |
The qpid-tool did not allow the SASL mechanism to be chosen on the command line. It was not possible to override the default logic of choosing the most secure method available. The enhancement adds the --sasl-mechanism and --ssl-certificate command line options. The SASL mechanism and certificate file can now be specified on the command line to override the default.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-09-24 15:03:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Attachments: | |||
|
Description
Gordon Sim
2011-06-03 11:28:42 UTC
Created attachment 691644 [details]
Adds --sasl-mechanism to qpid-tool and changes qpid-config usage text
For qpid-tool, added --sasl-mechanism and --ssl-certificate options. the cert can still be passed at the end of the command line.
For qpid-config, changed the usage text to show passing a username/password with the broker address.
Correction: qpid-cluster was changed to show the username/password. Created attachment 696160 [details] Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and changes qpid-config usage text Added --ssl-key to patch to match fix from bug 895535 The patch unfortunately no longer applies against current trunk (there was some cert work in the meantime), and I can't easily tell how to resolve it. Ernie, please generate a new patch. Created attachment 738574 [details]
Adds --broker and --sasl-mechanism to qpid-tool
Refactored patch to work with current trunk
The title of this BZ is out-of-date. While the developer was working on it, his work collided with another developer's work, which added the --sasl-mechanism ability to qpid-cluster and qmf-tool. His final patch for this bug *only* affects qpid-tool . Bug observed on latest-stable packages on RHEL 6.4 (see below for package lists )
Fix observed on RHEL 6.4 x { x86_64 , i686 }
packages
{
latest-stable
{
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
python-qpid-0.18-4.el6.noarch
python-qpid-qmf-0.18-15.el6.x86_64
python-saslwrapper-0.18-1.el6_3.x86_64
qpid-cpp-client-0.18-14.el6.x86_64
qpid-cpp-client-devel-0.18-14.el6.x86_64
qpid-cpp-client-devel-docs-0.18-14.el6.noarch
qpid-cpp-client-rdma-0.18-14.el6.x86_64
qpid-cpp-client-ssl-0.18-14.el6.x86_64
qpid-cpp-debuginfo-0.14-22.el6_3.x86_64
qpid-cpp-server-0.18-14.el6.x86_64
qpid-cpp-server-cluster-0.18-14.el6.x86_64
qpid-cpp-server-devel-0.18-14.el6.x86_64
qpid-cpp-server-rdma-0.18-14.el6.x86_64
qpid-cpp-server-ssl-0.18-14.el6.x86_64
qpid-cpp-server-store-0.18-14.el6.x86_64
qpid-cpp-server-xml-0.18-14.el6.x86_64
qpid-java-client-0.18-7.el6.noarch
qpid-java-common-0.18-7.el6.noarch
qpid-java-example-0.18-7.el6.noarch
qpid-jca-0.18-8.el6.noarch
qpid-jca-xarecovery-0.18-8.el6.noarch
qpid-proton-c-0.4-2.2.el6.x86_64
qpid-proton-c-devel-0.4-2.2.el6.x86_64
qpid-qmf-0.18-15.el6.x86_64
qpid-qmf-debuginfo-0.14-14.el6_3.x86_64
qpid-qmf-devel-0.18-15.el6.x86_64
qpid-tests-0.18-2.el6.noarch
qpid-tools-0.18-8.el6.noarch
saslwrapper-0.18-1.el6_3.x86_64
saslwrapper-devel-0.18-1.el6_3.x86_64
}
latest-and-greatest
{
32-bit
{
cyrus-sasl-2.1.23-13.el6_3.1.i686
cyrus-sasl-devel-2.1.23-13.el6_3.1.i686
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.i686
cyrus-sasl-lib-2.1.23-13.el6_3.1.i686
cyrus-sasl-md5-2.1.23-13.el6_3.1.i686
cyrus-sasl-plain-2.1.23-13.el6_3.1.i686
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.i686
python-saslwrapper-0.22-3.el6.i686
qpid-cpp-client-0.22-8.el6.i686
qpid-cpp-client-devel-0.22-8.el6.i686
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.i686
qpid-cpp-client-ssl-0.22-8.el6.i686
qpid-cpp-debuginfo-0.22-8.el6.i686
qpid-cpp-server-0.22-8.el6.i686
qpid-cpp-server-devel-0.22-8.el6.i686
qpid-cpp-server-ha-0.22-8.el6.i686
qpid-cpp-server-rdma-0.22-8.el6.i686
qpid-cpp-server-ssl-0.22-8.el6.i686
qpid-cpp-server-store-0.22-8.el6.i686
qpid-cpp-server-xml-0.22-8.el6.i686
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.i686
qpid-proton-c-devel-0.4-2.2.el6.i686
qpid-proton-debuginfo-0.4-2.2.el6.i686
qpid-qmf-0.22-7.el6.i686
qpid-qmf-debuginfo-0.22-7.el6.i686
qpid-qmf-devel-0.22-7.el6.i686
qpid-snmpd-1.0.0-12.el6.i686
qpid-snmpd-debuginfo-1.0.0-12.el6.i686
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.i686
saslwrapper-0.22-3.el6.i686
}
64-bit
{
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.x86_64
python-saslwrapper-0.22-3.el6.x86_64
qpid-cpp-client-0.22-8.el6.x86_64
qpid-cpp-client-devel-0.22-8.el6.x86_64
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.x86_64
qpid-cpp-client-ssl-0.22-8.el6.x86_64
qpid-cpp-debuginfo-0.22-8.el6.x86_64
qpid-cpp-server-0.22-8.el6.x86_64
qpid-cpp-server-devel-0.22-8.el6.x86_64
qpid-cpp-server-ha-0.22-8.el6.x86_64
qpid-cpp-server-rdma-0.22-8.el6.x86_64
qpid-cpp-server-ssl-0.22-8.el6.x86_64
qpid-cpp-server-store-0.22-8.el6.x86_64
qpid-cpp-server-xml-0.22-8.el6.x86_64
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.x86_64
qpid-proton-c-devel-0.4-2.2.el6.x86_64
qpid-proton-debuginfo-0.4-2.2.el6.x86_64
qpid-qmf-0.22-7.el6.x86_64
qpid-qmf-debuginfo-0.22-7.el6.x86_64
qpid-qmf-devel-0.22-7.el6.x86_64
qpid-snmpd-1.0.0-12.el6.x86_64
qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.x86_64
saslwrapper-0.22-3.el6.x86_64
saslwrapper-devel-0.22-3.el6.x86_64
}
}
}
(In reply to Ernie from comment #4) > Created attachment 696160 [details] > Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and > changes qpid-config usage text > > Added --ssl-key to patch to match fix from bug 895535 Hmm, there doesn't seem to be specific mention in the MICG about the new parameters for qpid-tool. There is a section describing how to use qpid-tool, but not specifically how or when to use SASL http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool There is a section dealing with configuring SASL itself, but I don't think this is the place to talk about qpid-tool commands. http://docbuilder.usersys.redhat.com/18173/#sect-Simple_Authentication_and_Security_Layer_-_SASL Are we relying on customers looking at the --help for the tool to learn about the features? If we should document these parameters specifically, I can do this after the 3.0 GA. (In reply to Jared MORGAN from comment #11) > (In reply to Ernie from comment #4) > > Created attachment 696160 [details] > > Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and > > changes qpid-config usage text > > > > Added --ssl-key to patch to match fix from bug 895535 > > Hmm, there doesn't seem to be specific mention in the MICG about the new > parameters for qpid-tool. > > There is a section describing how to use qpid-tool, but not specifically how > or when to use SASL > > http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool > > There is a section dealing with configuring SASL itself, but I don't think > this is the place to talk about qpid-tool commands. > > http://docbuilder.usersys.redhat.com/18173/#sect- > Simple_Authentication_and_Security_Layer_-_SASL > > Are we relying on customers looking at the --help for the tool to learn > about the features? > > If we should document these parameters specifically, I can do this after the > 3.0 GA. The new parameters for qpid-tool should be documented in the #Using_qpid_tool section. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1296.html |