Bug 834390

Summary: Regression: out of the box qpidd & clients generate gssapi auth errors
Product: Red Hat Enterprise MRG Reporter: Matthew Farrellee <matt>
Component: qpid-cppAssignee: messaging-bugs <messaging-bugs>
Status: CLOSED DUPLICATE QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 2.1.2CC: jneedle, jross
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-22 02:13:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Farrellee 2012-06-21 18:27:01 UTC 
qpidd & clients out of the box try to use the GSSAPI SASL mechanism when proper credentials are not available.

(non-qpid-tools clients also suffer this if cyrus-sasl-gssapi is installed, which appears to be the case in a base EL install. seen via c++, ruby and python qmf clients & agents)


From a fresh EL6.1 system (MRG AMI tested, ami-39f73850) -

# yum install qpid-cpp-server qpid-tools
...

# rpm -q qpid-cpp-server qpid-tools
qpid-cpp-server-0.14-16.el6.x86_64
qpid-tools-0.14-2.el6_2.noarch

# service qpidd start
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# rpm -q cyrus-sasl-gssapi
cyrus-sasl-gssapi-2.1.23-8.el6.x86_64

# yum remove cyrus-sasl-gssapi
...

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57922  qpid-stat  1366  anonymous@QPID  0s         0s     208    263

# yum install cyrus-sasl-gssapi
...


# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# echo "mech_list: DIGEST-MD5 ANONYMOUS" >> /etc/sasl2/qpidd.conf

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57933  qpid-stat  1465  anonymous@QPID  2s         0s     208    263
Comment 1 Jeff Needle 2012-06-22 02:13:37 UTC 

*** This bug has been marked as a duplicate of bug 815482 ***