Bug 597066 - Python Connection object uses "guest" as the default username, breaks single-sign-on
Python Connection object uses "guest" as the default username, breaks single-...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: python-qpid (Show other bugs)
Development
All Linux
high Severity medium
: 1.3
: ---
Assigned To: Gordon Sim
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-27 23:49 EDT by Ted Ross
Modified: 2012-12-11 14:02 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-11 14:02:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ted Ross 2010-05-27 23:49:59 EDT
Description of problem:

When using GSSAPI/Kerberos as an auth mechanism from the (new) Python API, the Connection object uses the username "guest" as a default.  The application must explicitly set username to None to get Kerberos/Single-sign-on to work (because with SSO, the application doesn't even know the identity of the user, it was set earlier using kinit).

The username should default to None if not supplied.
Comment 1 Gordon Sim 2010-06-01 05:39:16 EDT
Fixed on trunk (r949971) and release branch (http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commitdiff;h=7f006841387b54cb0165cfa6d1423cd3fae06ce2).

To test:

1) configure broker for kerberos support
2) kinit
3) run drain/spout example using a broker address that does not contain a username (broker address used should match that of the service principal, i.e. usually a fully qualified domain name)

This should work by taking the username used in step 2. Without the fix that username has to be explicitly in the broker address (e.g. -b gordon/dummy@mrg15.lab.bos.redhat.com).

Note You need to log in before you can comment on or make changes to this bug.