Bug 531842 – When kerberos auth is used, Java client should use the kerberos user_id & domain when setting the user_id in messages

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 531842 - When kerberos auth is used, Java client should use the kerberos user_id & domain when setting the user_id in messages

Summary:	When kerberos auth is used, Java client should use the kerberos user_id & dom...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-java (Show other bugs)
Sub Component:
Version:	1.1.7
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	1.3
Target Release:	---
Assigned To:	Rajith Attapattu
QA Contact:	Jiri Kolar
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	531844
	Show dependency tree / graph

Reported:	2009-10-29 12:17 EDT by Rajith Attapattu
Modified:	2010-10-14 12:10 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	When using kerberos authentication, the Java client used the user ID specified in the connection. However, the user ID did not contain any information about the domain. With this update, the user ID contains domain information. Note that when kerberos is not used, the Java client will set the user ID only.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-10-14 12:10:07 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0773	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3	2010-10-14 11:56:44 EDT

Groups: None (edit)

Description Rajith Attapattu 2009-10-29 12:17:35 EDT

Description of problem:
If kerberos auth is used, the java client should use the userid & domain when setting the user id in messages
Currently the java client just uses the user id specified in the connection.

How reproducible:
Always

Steps to Reproduce:
1. Use kerberos to auth with the c++ broker
2. Send a message to the c++ broker
3. Receive with any client and print the message headers.
  
Actual results:
The user id does not have any domain info
The user id is set to the userid given in the connection URL which is irrelevant in a kerberos setup.

Expected results:
The user id should have a domain if kerberos is used.
However if no kerberos is used the java client will just set the user id.
This is to ensure that it will work properly with the java broker.
On the c++ broker side, it will add the realm as the default domain for any id that does not contain a domain.

Additional info:

Comment 1 Rajith Attapattu 2010-01-12 16:00:10 EST

This is tracked via QPID-2174 in upstream.
I have checked in a fix at rev 898505 in Qpid trunk.

Comment 2 Jiri Kolar 2010-05-18 06:54:44 EDT

Tested:
on qpid-java-client-0.5.751061-9 bug appears
on qpid-java-client-0.7.934605-1 does not. It has been fixed

validated on RHEL  5.5 i386 / x86_64  and
 RHEL  4.8 i386 / x86_64 

packages:

# rpm -qa | grep -E '(qpid|openais|rhm)' | sort -u

openais-0.80.6-16.el5
openais-debuginfo-0.80.6-16.el5
python-qpid-0.7.938298-1.el5
qpid-cpp-client-0.7.935473-1.el5
qpid-cpp-client-devel-0.7.935473-1.el5
qpid-cpp-client-devel-docs-0.7.935473-1.el5
qpid-cpp-client-rdma-0.7.935473-1.el5
qpid-cpp-client-ssl-0.7.935473-1.el5
qpid-cpp-mrg-debuginfo-0.7.916826-2.el5
qpid-cpp-server-0.7.935473-1.el5
qpid-cpp-server-cluster-0.7.935473-1.el5
qpid-cpp-server-devel-0.7.935473-1.el5
qpid-cpp-server-rdma-0.7.935473-1.el5
qpid-cpp-server-ssl-0.7.935473-1.el5
qpid-cpp-server-store-0.7.935473-1.el5
qpid-cpp-server-xml-0.7.935473-1.el5
qpid-dotnet-0.4.738274-2.el5
qpid-java-client-0.7.934605-1.el5
qpid-java-common-0.7.934605-1.el5
qpid-tools-0.7.934605-2.el5
rhm-docs-0.6.937574-1.el5
ruby-qpid-0.4.749380-2.el5

->VERIFIED

Comment 3 Martin Prpič 2010-10-10 06:22:45 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When using kerberos authentication, the Java client used the user ID specified in the connection. However, the user ID did not contain any information about the domain. With this update, the user ID contains domain information. Note that when kerberos is not used, the Java client will set the user ID only.

Comment 5 errata-xmlrpc 2010-10-14 12:10:07 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0773.html

Note You need to log in before you can comment on or make changes to this bug.