Bug 476716 - Feature: GSSAPI support in ruby client
Feature: GSSAPI support in ruby client
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-sdk (Show other bugs)
All Linux
urgent Severity medium
: 1.1.1
: ---
Assigned To: Ted Ross
Frantisek Reznicek
Depends On: 472519
  Show dependency treegraph
Reported: 2008-12-16 13:14 EST by Gordon Sim
Modified: 2015-11-15 19:06 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-21 12:17:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Ruby code used to test (2.03 KB, text/plain)
2009-04-14 05:03 EDT, Jan Sarenik
no flags Details

  None (edit)
Description Gordon Sim 2008-12-16 13:14:39 EST
Authentication and encryption.
Comment 1 Ted Ross 2009-01-20 16:34:09 EST
This feature is now implemented upstream as of revision 736111.
Comment 2 Jan Sarenik 2009-02-19 05:45:22 EST
Which one is the ruby client please?
Comment 3 Jan Sarenik 2009-02-19 10:19:11 EST
It is in the package ruby-qpid (I would rather like qpid-ruby).
Comment 4 Jan Sarenik 2009-02-23 04:37:15 EST
But I have still no idea how to test GSSAPI auth as
I do not feel capable of writing my own ruby test
at the moment. Any hint please?
Comment 5 Jan Sarenik 2009-02-23 05:34:25 EST
See https://bugzilla.redhat.com/show_bug.cgi?id=472519
for more info on how I configure simple Kerberos5 testing

For testing ruby client's GSSAPI auth I am trying to use
qpid/ruby/examples/hello-world.rb but experiencing an issue
that the client does not auth using GSSAPI mechanism at all.

# ./hello-world.rb dhcp-0-137.brq.redhat.com
/usr/lib/ruby/site_ruby/1.8/qpid/connection.rb:143:in `start': Qpid::ConnectionFailed
        from ./hello-world.rb:32

while on console running 'qpidd --auth yes --realm EXAMPLE.COM -t'
I am getting this:
2009-feb-23 11:26:43 debug RECV [] INIT(0-10)
2009-feb-23 11:26:43 debug min_ssf: 0, max_ssf: 256
2009-feb-23 11:26:43 info SASL: Mechanism list: PLAIN ANONYMOUS GSSAPI LOGIN
2009-feb-23 11:26:43 trace SENT INIT(0-10)
2009-feb-23 11:26:43 trace SENT []: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(2ff202c7-695f-4635-829d-7b71408c85cc)}; mechanisms=str16{V2:5:str16(PLAIN), V2:9:str16(ANONYMOUS), V2:6:str16(GSSAPI), V2:5:str16(LOGIN)}; locales=str16{V2:5:str16(en_US)}; }]
2009-feb-23 11:26:43 trace RECV []: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={platform:V2:9:vbin16(linux-gnu),product:V2:18:vbin16(qpid python client),version:V2:11:vbin16(development)}; mechanism=PLAIN; response=xxxxxx; }]
2009-feb-23 11:26:43 info SASL: Starting authentication with mechanism: PLAIN
2009-feb-23 11:26:43 info SASL: Authentication failed: SASL(-13): user not found: Password verification failed
2009-feb-23 11:26:43 debug Exception constructed: Authentication failed
2009-feb-23 11:26:43 trace SENT []: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; reply-text=connection-forced: Authentication failed; }]
2009-feb-23 11:26:43 trace RECV []: Frame[BEbe; channel=0; {ConnectionCloseOkBody: }]
2009-feb-23 11:26:43 debug DISCONNECTED []

To prove that the setup is generally working, I am including
some more output:
# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: testuser@EXAMPLE.COM

Valid starting     Expires            Service principal
02/23/09 11:17:31  02/24/09 11:17:31  krbtgt/EXAMPLE.COM@EXAMPLE.COM
02/23/09 11:18:36  02/24/09 11:17:31  qpidd/dhcp-0-137.brq.redhat.com@EXAMPLE.COM

# perftest -b dhcp-0-137.brq.redhat.com --count 1
Processing 1 messages from sub_ready . done.
Sending start 1 times to pub_start
Processing 1 messages from pub_done . done.
Processing 1 messages from sub_done . done.

Total 2 transfers of 1024 bytes in 0.016159 seconds.

Publish transfers/sec:    
Average: 214.318

Subscribe transfers/sec:  
Average: 19.1745

Total transfers/sec:      123.77
Total Mbytes/sec: 0.120869

# perftest --count 1 # do not try to run it without FQDN
2009-feb-23 11:29:10 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database) (qpid/client/SaslFactory.cpp:226)

internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database) (qpid/client/SaslFactory.cpp:226)
Comment 6 Jan Sarenik 2009-02-23 05:43:24 EST
I wonder if this is the issue:
# rpm -q ruby-qpid

This is the latest version in mrg-devel repo at the moment.
Comment 7 Ted Ross 2009-02-26 09:02:00 EST
GSSAPI support was introduced upstream at revision 736111.  The RPMs you are testing are too old.
Comment 8 Jeff Needle 2009-02-27 11:06:54 EST
Please move this to MODIFIED with a pointer to the new package when it is brewed.  Moving back to ASSIGNED.
Comment 9 Jan Sarenik 2009-03-03 07:19:05 EST
There is new ruby-qpid package, see
Comment 10 Jan Sarenik 2009-03-03 10:59:20 EST
Verified for ruby-qpid-0.4.749380-1.el5 which is not yet in
candidate repos.
Comment 11 Jan Sarenik 2009-04-14 05:03:59 EDT
Created attachment 339446 [details]
Ruby code used to test
Comment 13 errata-xmlrpc 2009-04-21 12:17:31 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.