Bug 1268433 - None of the qpid command line tools work if the broker is configured w/SASL and AMQP1.0
Summary: None of the qpid command line tools work if the broker is configured w/SASL a...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-tools
Version: 3.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: messaging-bugs
QA Contact: Messaging QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-02 19:43 UTC by Ken Giusti
Modified: 2025-02-10 03:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2025-02-10 03:48:16 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Apache JIRA QPID-6767 0 None None None Never

Description Ken Giusti 2015-10-02 19:43:18 UTC
Description of problem:


When using AMQP1.0 clients with qpidd and authenticating with SASL DIGEST-MD5 or GSSAPI, the broker's sasl-service-name must be set to "amqp" for the clients to be authorized.

However, this causes the qpid-tools command line tools to fail as they set the sasl service name to 'qpidd'.

How to reproduce:

Configure broker to use SASL with DIGEST-MD5 as the only acceptable mech.

Attempt to run qpid-config against the broker:

 qpid-config -b amqp://<user>/<pw>@<hostname:port> 

this will fail with an authentication error (check qpidd logs --log-enable info+)

Comment 1 Ken Giusti 2015-10-02 19:51:23 UTC
Ugh - forgot the most important part:

set sasl-service-name to amqp in the broker config.

Confirm that AMQP1.0 test clients can authenticate using DIGEST-MD5

Comment 3 Ken Giusti 2015-10-08 17:18:12 UTC
Reopening.  Andrew has suggested a less intrusive fix.

Comment 4 Red Hat Bugzilla 2025-02-10 03:48:16 UTC
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.


Note You need to log in before you can comment on or make changes to this bug.