Bug 974676
| Summary: | python qpid client rarely refuses to correctly authenticate with qpidd server using GSSAPI [connection-forced: Authentication failed(320) - authentication failure: Requested identity not authenticated identity] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Frantisek Reznicek <freznice> |
| Component: | python-qpid | Assignee: | messaging-bugs <messaging-bugs> |
| Status: | NEW --- | QA Contact: | MRG Quality Engineering <mrgqe-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.3 | CC: | jross |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: Python qpid client rarely refuses to correctly authenticate with qpidd server using GSSAPI [connection-forced: Authentication failed(320) - authentication failure: Requested identity not authenticated identity]: There are observations that both qpid python clients (low level client, high level client) are rarely failing client-server authentication following way: Traceback (most recent call last): File "/mnt/tests/distribution/MRG/Messaging/qpid_common/clients/python/qc2_spout.py", line 222, in ? conn.open() File "<string>", line 6, in open File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 256, in open self.attach() File "<string>", line 6, in attach File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 274, in attach self._ewait(lambda: self._transport_connected and not self._unlinked()) File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 209, in _ewait self.check_error() File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 202, in check_error raise self.error qpid.messaging.exceptions.ConnectionError: connection-forced: Authentication failed(320) ecode:1 broker log appears to show: 2013-06-14 11:17:34 [System] debug RECV [10.16.64.214:35754-10.16.64.214:43388]: INIT(0-10) 2013-06-14 11:17:34 [Security] debug External ssf=0 and auth= 2013-06-14 11:17:34 [Security] debug min_ssf: 0, max_ssf: 256, external_ssf: 0 2013-06-14 11:17:34 [Security] info SASL: Mechanism list: GSSAPI PLAIN LOGIN ANONYMOUS 2013-06-14 11:17:34 [Broker] debug LinkRegistry::notifyConnection(); key=10.16.64.214:35754-10.16.64.214:43388 2013-06-14 11:17:34 [Management] debug Management object (V1) added: org.apache.qpid.broker:connection:10.16.64.214:35754-10.16.64.214:43388 2013-06-14 11:17:34 [Security] info SASL: Starting authentication with mechanism: GSSAPI 2013-06-14 11:17:34 [Security] debug SASL: sending challenge to client 2013-06-14 11:17:34 [Security] debug SASL: sending challenge to client 2013-06-14 11:17:34 [Security] info SASL: Authentication failed for nIK6mBQg47FbeSNt3saqYa2qvI7Xk1KsOvb:SASL(-13): authentication failure: Requested identity not authenticated identity 2013-06-14 11:17:34 [System] debug Exception constructed: Authentication failed 2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientConnectFail 2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientConnectFail 2013-06-14 11:17:34 [Model] debug Failed connection. rhost:10.16.64.214:35754-10.16.64.214:43388 user:nIK6mBQg47FbeSNt3saqYa2qvI7Xk1KsOvb reason:SASL(-13): authentication failure: Requested identity not authenticated identity 2013-06-14 11:17:34 [System] debug DISCONNECTED [10.16.64.214:35754-10.16.64.214:43388] 2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientDisconnect 2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientDisconnect 2013-06-14 11:17:34 [Model] debug Delete connection. user: rhost:10.16.64.214:35754-10.16.64.214:43388 Testing script uses multiple clients in a batch. Results are showing that just fractional amount of python client authenticating cases are failing. Just python client is failing, others (c++, ruby, java) are passing. These facts lead to current conclusion that it is just problem of python client with very low reproducibility. Version-Release number of selected component (if applicable): qpid-0.18 How reproducible: <1% Steps to Reproduce: 0. perform in loop qpid_ptest_authentication_krb5 test or following steps 1. set-up kerberos infrastructure 2. kinit 3. run client[s], expect PASS 4. kdestroy 5. run client[s], expect FAIL 6. kinit 7. run client[s], expect PASS 8. loop steps 2-7. Actual results: Python qpid client fails to authenticate using GSSAPI auth. method in situation when success is expected. Expected results: Python qpid client should not fail authenticate in above cases.