Bug 1268433 - None of the qpid command line tools work if the broker is configured w/SASL and AMQP1.0
None of the qpid command line tools work if the broker is configured w/SASL a...
Status: NEW
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-tools (Show other bugs)
3.2
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: messaging-bugs
Messaging QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-02 15:43 EDT by Ken Giusti
Modified: 2015-10-08 13:18 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-6767 None None None Never

  None (edit)
Description Ken Giusti 2015-10-02 15:43:18 EDT
Description of problem:


When using AMQP1.0 clients with qpidd and authenticating with SASL DIGEST-MD5 or GSSAPI, the broker's sasl-service-name must be set to "amqp" for the clients to be authorized.

However, this causes the qpid-tools command line tools to fail as they set the sasl service name to 'qpidd'.

How to reproduce:

Configure broker to use SASL with DIGEST-MD5 as the only acceptable mech.

Attempt to run qpid-config against the broker:

 qpid-config -b amqp://<user>/<pw>@<hostname:port> 

this will fail with an authentication error (check qpidd logs --log-enable info+)
Comment 1 Ken Giusti 2015-10-02 15:51:23 EDT
Ugh - forgot the most important part:

set sasl-service-name to amqp in the broker config.

Confirm that AMQP1.0 test clients can authenticate using DIGEST-MD5
Comment 3 Ken Giusti 2015-10-08 13:18:12 EDT
Reopening.  Andrew has suggested a less intrusive fix.

Note You need to log in before you can comment on or make changes to this bug.