Description of problem:
When using GSSAPI/Kerberos as an auth mechanism from the (new) Python API, the Connection object uses the username "guest" as a default. The application must explicitly set username to None to get Kerberos/Single-sign-on to work (because with SSO, the application doesn't even know the identity of the user, it was set earlier using kinit).
The username should default to None if not supplied.
Fixed on trunk (r949971) and release branch (http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commitdiff;h=7f006841387b54cb0165cfa6d1423cd3fae06ce2).
1) configure broker for kerberos support
3) run drain/spout example using a broker address that does not contain a username (broker address used should match that of the service principal, i.e. usually a fully qualified domain name)
This should work by taking the username used in step 2. Without the fix that username has to be explicitly in the broker address (e.g. -b email@example.com).