| Summary: | Cluster authentication mechanism DIGEST-MD5 sometimes fails | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Zdenek Kraus <zkraus> | ||||
| Component: | qpid-cpp | Assignee: | messaging-bugs <messaging-bugs> | ||||
| Status: | NEW --- | QA Contact: | MRG Quality Engineering <mrgqe-bugs> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 2.0 | CC: | pmoravec | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | Type: | --- | |||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
Created attachment 526847 [details] reproducer Description of problem: Broker accepts --cluster-mechanism=DIGEST-MD5. When brokers negotiating cluster, they starts to communicating with MD5, but in 60% fail because of unsupported auth mechanism. Version-Release number of selected component (if applicable): qpid-cpp-server-*-0.10-9.el5 qpid-cpp-server-*-0.10-4.el6_1.1 How reproducible: ~60% Steps to Reproduce: 1. set sasl mechanism for qpidd to DIGEST-MD5. Into /etc/sasl2/qpidd.conf append mech_list: DIGEST-MD5 2. check if sasldb of qpidd has guest:guest credential. Ortherwise saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb 3. Start main broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest 4. Start backup broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest 5. repeat launching brokers until they failed to authenticate Actual results: 2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 INIT) cluster-uuid = 0022b2b4-e72f-4d7a-8b56-e4c4b43edfb4 2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 JOINER) joining cluster auth-cluster-hostname 2011-10-06 14:00:07 notice Broker running 2011-10-06 14:00:07 info cluster(192.168.6.2:2650 JOINER) stall for update offer from 192.168.6.2:2643 to 192.168.6.2:2650 2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 UPDATEE) receiving update from 192.168.6.2:2643 2011-10-06 14:00:07 info SASL: Mechanism list: DIGEST-MD5 2011-10-06 14:00:07 info 192.168.6.2:5673-192.168.6.2:38991 SASL: Authentication succeeded for: guest@QPID 2011-10-06 14:00:07 info Queue "qpid.cluster-update": Policy created: type=reject; maxCount=0; maxSize=104857600 2011-10-06 14:00:07 info Queue "qpid.cluster-update": Flow limit created: flowStopCount=0, flowResumeCount=0, flowStopSize=83886080, flowResumeSize=73400320 2011-10-06 14:00:07 warning Client closed connection with 501: Desired mechanism(s) not valid: DIGEST-MD5 (supported: ANONYMOUS PLAIN) (qpid/client/ConnectionHandler.cpp:250) 2011-10-06 14:00:07 critical cluster(192.168.6.2:2650 UPDATEE) catch-up connection closed prematurely 127.0.0.1:5672-127.0.0.1:42495(192.168.6.2:2650-2 local,catchup) 2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 LEFT) leaving cluster auth-cluster-hostname 2011-10-06 14:00:07 notice Shut down Expected results: Brokers will authenticate correctly, every time. Additional info: Use attached script to reproduce error. Script will perform 16 rounds of authentication. You have manually check /var/lib/qpidd/qpidd.sasldb for credentials. Sasl mechanism for qpidd is set by script.