Authentication and encryption.
This feature is now implemented upstream as of revision 736111.
Which one is the ruby client please?
It is in the package ruby-qpid (I would rather like qpid-ruby).
But I have still no idea how to test GSSAPI auth as I do not feel capable of writing my own ruby test at the moment. Any hint please?
See https://bugzilla.redhat.com/show_bug.cgi?id=472519 for more info on how I configure simple Kerberos5 testing environment. For testing ruby client's GSSAPI auth I am trying to use qpid/ruby/examples/hello-world.rb but experiencing an issue that the client does not auth using GSSAPI mechanism at all. ---------------------------------------------------------------- # ./hello-world.rb dhcp-0-137.brq.redhat.com /usr/lib/ruby/site_ruby/1.8/qpid/connection.rb:143:in `start': Qpid::ConnectionFailed from ./hello-world.rb:32 ---------------------------------------------------------------- while on console running 'qpidd --auth yes --realm EXAMPLE.COM -t' I am getting this: ---------------------------------------------------------------- 2009-feb-23 11:26:43 debug RECV [10.34.0.137:42225] INIT(0-10) 2009-feb-23 11:26:43 debug min_ssf: 0, max_ssf: 256 2009-feb-23 11:26:43 info SASL: Mechanism list: PLAIN ANONYMOUS GSSAPI LOGIN 2009-feb-23 11:26:43 trace SENT 10.34.0.137:42225 INIT(0-10) 2009-feb-23 11:26:43 trace SENT [10.34.0.137:42225]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(2ff202c7-695f-4635-829d-7b71408c85cc)}; mechanisms=str16{V2:5:str16(PLAIN), V2:9:str16(ANONYMOUS), V2:6:str16(GSSAPI), V2:5:str16(LOGIN)}; locales=str16{V2:5:str16(en_US)}; }] 2009-feb-23 11:26:43 trace RECV [10.34.0.137:42225]: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={platform:V2:9:vbin16(linux-gnu),product:V2:18:vbin16(qpid python client),version:V2:11:vbin16(development)}; mechanism=PLAIN; response=xxxxxx; }] 2009-feb-23 11:26:43 info SASL: Starting authentication with mechanism: PLAIN 2009-feb-23 11:26:43 info SASL: Authentication failed: SASL(-13): user not found: Password verification failed 2009-feb-23 11:26:43 debug Exception constructed: Authentication failed 2009-feb-23 11:26:43 trace SENT [10.34.0.137:42225]: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; reply-text=connection-forced: Authentication failed; }] 2009-feb-23 11:26:43 trace RECV [10.34.0.137:42225]: Frame[BEbe; channel=0; {ConnectionCloseOkBody: }] 2009-feb-23 11:26:43 debug DISCONNECTED [10.34.0.137:42225] ---------------------------------------------------------------- To prove that the setup is generally working, I am including some more output: ---------------------------------------------------------------- # klist -5 Ticket cache: FILE:/tmp/krb5cc_0 Default principal: testuser Valid starting Expires Service principal 02/23/09 11:17:31 02/24/09 11:17:31 krbtgt/EXAMPLE.COM 02/23/09 11:18:36 02/24/09 11:17:31 qpidd/dhcp-0-137.brq.redhat.com # perftest -b dhcp-0-137.brq.redhat.com --count 1 Processing 1 messages from sub_ready . done. Sending start 1 times to pub_start Processing 1 messages from pub_done . done. Processing 1 messages from sub_done . done. Total 2 transfers of 1024 bytes in 0.016159 seconds. Publish transfers/sec: 214.318 Average: 214.318 Subscribe transfers/sec: 19.1745 Average: 19.1745 Total transfers/sec: 123.77 Total Mbytes/sec: 0.120869 # perftest --count 1 # do not try to run it without FQDN 2009-feb-23 11:29:10 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) (qpid/client/SaslFactory.cpp:226) internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) (qpid/client/SaslFactory.cpp:226) ----------------------------------------------------------------
I wonder if this is the issue: # rpm -q ruby-qpid ruby-qpid-0.3.725356-2.el5 This is the latest version in mrg-devel repo at the moment.
GSSAPI support was introduced upstream at revision 736111. The RPMs you are testing are too old.
Please move this to MODIFIED with a pointer to the new package when it is brewed. Moving back to ASSIGNED.
There is new ruby-qpid package, see https://brewweb.devel.redhat.com/buildinfo?buildID=82344
Verified for ruby-qpid-0.4.749380-1.el5 which is not yet in candidate repos.
Created attachment 339446 [details] Ruby code used to test
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0434.html