Bug 597066 - Python Connection object uses "guest" as the default username, breaks single-sign-on
Summary: Python Connection object uses "guest" as the default username, breaks single-...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: python-qpid
Version: Development
Hardware: All
OS: Linux
high
medium
Target Milestone: 1.3
: ---
Assignee: Gordon Sim
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-28 03:49 UTC by Ted Ross
Modified: 2012-12-11 19:02 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2012-12-11 19:02:48 UTC


Attachments (Terms of Use)

Description Ted Ross 2010-05-28 03:49:59 UTC
Description of problem:

When using GSSAPI/Kerberos as an auth mechanism from the (new) Python API, the Connection object uses the username "guest" as a default.  The application must explicitly set username to None to get Kerberos/Single-sign-on to work (because with SSO, the application doesn't even know the identity of the user, it was set earlier using kinit).

The username should default to None if not supplied.

Comment 1 Gordon Sim 2010-06-01 09:39:16 UTC
Fixed on trunk (r949971) and release branch (http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commitdiff;h=7f006841387b54cb0165cfa6d1423cd3fae06ce2).

To test:

1) configure broker for kerberos support
2) kinit
3) run drain/spout example using a broker address that does not contain a username (broker address used should match that of the service principal, i.e. usually a fully qualified domain name)

This should work by taking the username used in step 2. Without the fix that username has to be explicitly in the broker address (e.g. -b gordon/dummy@mrg15.lab.bos.redhat.com).


Note You need to log in before you can comment on or make changes to this bug.