Bug 756402
Summary: | SPQR does not support every authentication mechanism available in qmfengine | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Will Benton <willb> |
Component: | ruby-spqr | Assignee: | Will Benton <willb> |
Status: | CLOSED ERRATA | QA Contact: | Martin Kudlej <mkudlej> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.0 | CC: | ltoscano, matt, mkudlej |
Target Milestone: | 2.1.1 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ruby-spqr-0.3.5; wallaby-0.12.5 | Doc Type: | Bug Fix |
Doc Text: |
C: The SPQR library and the Wallaby service previously rejected authentication mechanisms other than PLAIN, ANONYMOUS, or GSSAPI.
C: The underlying QMF engine library supported additional mechanisms, which were unavailable to SPQR developers or Wallaby users.
F: The SPQR library and Wallaby service have been changed to not reject any valid SASL mechanism a priori.
R: Any SASL mechanism that is available to QMF and the configured Qpid broker will be available to SPQR and Wallaby.
|
Last Closed: | 2012-02-06 18:18:08 UTC | Type: | --- |
Bug Blocks: | 765607 |
Description
Will Benton
2011-11-23 13:09:09 UTC
Note - wallaby-agent also has an explicit mechanism list

Are we going to support all the available mechanisms (LOGIN, DIGEST-MD5, CRAM-MD5, ...)?

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
C: The SPQR library and the Wallaby service previously rejected authentication mechanisms other than PLAIN, ANONYMOUS, or GSSAPI.
C: The underlying QMF engine library supported additional mechanisms, which were unavailable to SPQR developers or Wallaby users.
F: The SPQR library and Wallaby service have been changed to not reject any valid SASL mechanism a priori.
R: Any SASL mechanism that is available to QMF and the configured Qpid broker will be available to SPQR and Wallaby.

Wallaby agent has connected to a broker which supports just DIGEST-MD5.

    $ qpid-stat --sasl-mechanism=DIGEST-MD5 -b guest/guest@localhost:5672 -c
    Connections
      client-addr                     cproc          cpid   auth        connected  idle  msgIn  msgOut
      ==================================================================================================
      127.0.0.1:5672-127.0.0.1:48422  qpid-stat      17080  guest@QPID  0s         0s    259    332
      127.0.0.1:5672-127.0.0.1:48421  wallaby-agent  17074  guest@QPID  12s        9s    54     28

But wallaby shell cannot connect to broker:

    wallaby -U guest -P guest -M DIGET-MD5 show-group default-group
    invalid argument: -M DIGET-MD5

Condor_configure_* work well after installing python-saslwrapper:

    $ condor_configure_pool --default-group -l -U guest -P guest --auth-mechanism DIGEST-MD5

Other info:

    $ cat /etc/sasl2/qpidd.conf
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    sasldb_path: /var/lib/qpidd/qpidd.sasldb
    #following line stops spurious 'sql_select option missing' errors when
    #cyrus-sql-sasl plugin is installed
    sql_select: dummy select
    mech_list:DIGEST-MD5

    $ cat /etc/qpidd.conf
    cluster-mechanism=ANONYMOUS
    auth=yes

Used packages:

    ruby-wallaby-0.12.4-1.el5
    wallaby-0.12.4-1.el5
    wallaby-utils-0.12.4-1.el5
    condor-wallaby-client-4.1.2-1.el5
    python-wallabyclient-4.1.2-1.el5
    condor-wallaby-tools-4.1.2-1.el5
    ruby-spqr-0.3.5-1.el5
    python-wallaby-0.12.4-1.el5
    condor-wallaby-base-db-1.19-1.el5

    python-wallaby-0.12.4-1.el6.noarch
    condor-wallaby-base-db-1.19-1.el6.noarch
    python-wallabyclient-4.1.2-1.el6.noarch
    ruby-spqr-0.3.5-1.el6.noarch
    wallaby-utils-0.12.4-1.el6.noarch
    wallaby-0.12.4-1.el6.noarch
    condor-wallaby-tools-4.1.2-1.el6.noarch
    ruby-wallaby-0.12.4-1.el6.noarch
    condor-wallaby-client-4.1.2-1.el6.noarch

Just to be sure that you know on what Messaging packages I test this:

    cyrus-sasl-2.1.23-13.el6.i686
    cyrus-sasl-plain-2.1.23-13.el6.i686
    qpid-tools-0.12-2.el6.noarch
    python-saslwrapper-0.10-2.el6.i686
    qpid-cpp-client-0.12-6.el6.i686
    qpid-qmf-0.12-6.el6.i686
    python-qpid-qmf-0.12-6.el6.i686
    cyrus-sasl-md5-2.1.23-13.el6.i686
    saslwrapper-0.10-2.el6.i686
    qpid-cpp-server-0.12-6.el6.i686
    python-qpid-0.12-1.el6.noarch
    ruby-qpid-qmf-0.12-6.el6.i686
    cyrus-sasl-lib-2.1.23-13.el6.i686
    condor-qmf-7.6.5-0.11.el6.i686
    cyrus-sasl-gssapi-2.1.23-13.el6.i686

    cyrus-sasl-lib-2.1.22-5.el5_4.3
    cyrus-sasl-2.1.22-5.el5_4.3
    python-qpid-0.10-1.el5
    qpid-cpp-server-0.10-9.el5
    qpid-cpp-client-devel-0.10-9.el5
    cyrus-sasl-gssapi-2.1.22-5.el5_4.3
    cyrus-sasl-plain-2.1.22-5.el5_4.3
    qpid-qmf-0.10-11.el5
    ruby-qpid-qmf-0.10-11.el5
    qpid-tools-0.10-6.el5
    cyrus-sasl-md5-2.1.22-5.el5_4.3
    saslwrapper-0.10-4.el5
    qpid-cpp-client-0.10-9.el5
    qpid-qmf-debuginfo-0.10-11.el5
    qpid-qmf-devel-0.10-11.el5
    python-qpid-qmf-0.10-11.el5
    condor-qmf-7.6.5-0.11.el5
    python-saslwrapper-0.10-4.el5

Thanks for finding this, Martin. It's fixed in wallaby-0.12.5-1.

Tested with PLAIN, ANONYMOUS, DIGEST-MD5 and it works for qpid-0.10 on RHEL 5.7 and qpid-0.12 on RHEL 6.2 and qpid-0.14 on RHEL 5.7/RHEL 6.2.

Tested with CRAM-MD5 and it doesn't work for qpid-0.10 on RHEL 5.7 and qpid-0.12 on RHEL 6.2. It works for qpid-0.14 on RHEL 5.7/RHEL 6.2.

--> release notes?

Tested with qpid-0.10 on RHEL 5.7 and qpid-0.12 on RHEL 6.2 and qpid-0.14 on RHEL 5.7/RHEL 6.2 and wallaby as daemon ends with error because it cannot connect to broker.

    $ tail /var/log/messages
    /usr/bin/wallaby-agent[12003]: storing configuration to /var/lib/wallaby/config.db
    /usr/bin/wallaby-agent[12003]: storing snapshots to /var/lib/wallaby/snap.db
    /usr/bin/wallaby-agent[12003]: agent exiting with exception #<ArgumentError: Value for attribute 'password' has unsupported type: NilClass>
    /usr/bin/wallaby-agent[12216]: storing configuration to /var/lib/wallaby/config.db
    /usr/bin/wallaby-agent[12216]: storing snapshots to /var/lib/wallaby/snap.db
    /usr/bin/wallaby-agent[12216]: agent exiting with exception #<ArgumentError: Value for attribute 'password' has unsupported type: NilClass>

    $ cat /etc/sysconfig/wallaby-agent
    export WALLABY_CONFIGDB_NAME=/var/lib/wallaby/config.db
    export WALLABY_SNAPDB_NAME=/var/lib/wallaby/snap.db
    export WALLABY_BROKER_HOST=_hostname_
    export WALLABY_BROKER_PORT=5672
    export WALLABY_BROKER_MECHANISM=GSSAPI
    export WALLABY_BROKER_USER=guest
    export WALLABY_LOGFILE=/var/log/wallaby/agent.log
    export WALLABY_LOGLEVEL=DEBUG

I've got ticket:

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: guest

    Valid starting     Expires            Service principal
    01/19/12 11:49:34  01/20/12 11:49:34  krbtgt/EXAMPLE.COM
    01/19/12 11:49:41  01/20/12 11:49:34  qpidd/_hostname_

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

and also wallaby shell command can connect, just wallaby daemon isn't online:

    $ wallaby -H `hostname` -M GSSAPI -U guest list-groups
    ...
    Console Connection Established...
    fatal: cannot find a wallaby agent on the specified broker (_hostname_:5672); is one running?
    use -h for help

and standard qpid clients work well.

    $ qpid-stat --sasl-mechanism=GSSAPI -b guest@`hostname`:5672 -c
    Connections
      client-addr                       cproc      cpid   auth   connected  idle  msgIn  msgOut
      ===========================================================================================================
      10.34.33.251:5672-10.34.33.251:33747  qpid-stat  12345  guest  0s         0s    210    265

--> ASSIGNED

I've opened new bug 783164 so I verify this one.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0100.html
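The change this report describes, as an added Ruby sketch that is not SPQR or Wallaby code: a fixed client-side mechanism list beside a syntax-only check that leaves the real decision to negotiation with the broker. All function and constant names are hypothetical, `WALLABY_BROKER_PASSWORD` is an assumed variable name that does not appear on this page, and the broker offer list is constructed.

```ruby
# Added illustration; every name here is hypothetical, not SPQR/Wallaby API.

# Behaviour described in the Doc Text before the fix: a fixed client-side list.
LEGACY_ALLOWED = %w[PLAIN ANONYMOUS GSSAPI].freeze

# RFC 4422 mechanism-name syntax: 1 to 20 characters of A-Z, 0-9, "-" and "_".
SASL_MECH_NAME = /\A[A-Z0-9_-]{1,20}\z/

def legacy_accepts?(mech)
  LEGACY_ALLOWED.include?(mech)
end

# Reject only names that cannot be SASL mechanisms at all.
def syntactically_valid?(mech)
  !!(mech =~ SASL_MECH_NAME)
end

# A name is usable only if the broker also offers it (its mech_list).
def negotiable?(mech, broker_offers)
  syntactically_valid?(mech) && broker_offers.include?(mech)
end

# Build connection settings from an environment-style hash. Unset values are
# omitted instead of being passed along as nil, so a mechanism that needs no
# password (such as GSSAPI) does not carry a nil 'password' attribute.
def broker_settings(env)
  mech = env["WALLABY_BROKER_MECHANISM"]
  unless mech.nil? || syntactically_valid?(mech)
    raise ArgumentError, "invalid SASL mechanism name: #{mech.inspect}"
  end
  {
    "host"      => env.fetch("WALLABY_BROKER_HOST", "localhost"),
    "port"      => Integer(env.fetch("WALLABY_BROKER_PORT", "5672")),
    "mechanism" => mech,
    "username"  => env["WALLABY_BROKER_USER"],
    "password"  => env["WALLABY_BROKER_PASSWORD"], # assumed variable name
  }.reject { |_, value| value.nil? }
end

if __FILE__ == $PROGRAM_NAME
  offers = ["DIGEST-MD5"] # constructed: a broker with mech_list:DIGEST-MD5
  %w[DIGEST-MD5 DIGET-MD5 GSSAPI].each do |m|
    puts format("%-11s legacy=%-5s syntax=%-5s negotiable=%s",
                m, legacy_accepts?(m), syntactically_valid?(m), negotiable?(m, offers))
  end
end
```

With the client-side list gone, a mistyped but well-formed name such as `DIGET-MD5` is no longer caught as an invalid argument and fails at negotiation instead, so the broker's `mech_list` becomes the only control over which mechanisms are in use.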