Description of problem: Authentication of client - broker without forcing authentication method on client surely depends on set of authentication mechanisms installed on target machine. The picked authentication mechanism should be selected based on the mechanism security, i.e. when PLAIN and ANONYMOUS are both available on both client and server, then PLAIN should be used (assuming broker in auth=yes auth. mode) There are multiple observations that above auth. mechanism selection is not done properly and less secure mechanism might be used. Giving an easy example: - Running broker with following config: [root@dhcp-37-203 ~]# cat /etc/qpidd.conf #log-enable=info+ log-enable=debug+ log-to-file=/tmp/qpidd.log auth=yes - simple running perftest to demonstrate which mechanism is selected: qpid-perftest --username guest --password guest --count 1 -s This behavior is very bad as some clients will fail to operate correctly (for instance low-latency job scheduling via qmf with credentials cumin/cumin) as in some cases (see last chapter) authentication will be done as ANONYMOUS instead of stronger and secure PLAIN. Version-Release number of selected component (if applicable): 1.3 and later How reproducible: On some machines 100%, sometimes 0% Steps to Reproduce: 1. set-up qpidd; service qpidd [re]start 2. qpid-perftest --username guest --password guest --count 1 -s 3. grep SASL <broker-log> Actual results: Authentication mechanisms are not selected predictably. Expected results: Authentication mechanisms should be selected predictably. Additional info: Following transcripts show three different authentication mechanisms picked with the same configuration of /etc/sasl2/qpidd.conf and same installed cyrus-sasl* packages. First one selects ANONYMOUS, the second one LOGIN and third one PLAIN. alpha] RHEL 5.6 i386 [root@dhcp-37-202 ~]# service qpidd stop ; :> /tmp/qpidd.log ; service qpidd start Stopping Qpid AMQP daemon: [ OK ] Starting Qpid AMQP daemon: [ OK ] [root@dhcp-37-202 ~]# rpm -V qpid-cpp-server S.5....T c /etc/qpidd.conf [root@dhcp-37-202 ~]# qpid-perftest --count 1 --username guest --password guest -s 24.4072 11.6858 46.0719 0.0449921 [root@dhcp-37-202 ~]# grep SASL /tmp/qpidd.log 2011-02-07 13:19:26 info SASL enabled 2011-02-07 13:19:33 info SASL: Mechanism list: ANONYMOUS LOGIN PLAIN 2011-02-07 13:19:33 debug SASL: Starting authentication with mechanism: ANONYMOUS 2011-02-07 13:19:33 info 127.0.0.1:5672-127.0.0.1:57067 SASL: Authentication succeeded for: anonymous@QPID 2011-02-07 13:19:33 info SASL: Mechanism list: ANONYMOUS LOGIN PLAIN 2011-02-07 13:19:33 debug SASL: Starting authentication with mechanism: ANONYMOUS 2011-02-07 13:19:33 info 127.0.0.1:5672-127.0.0.1:57068 SASL: Authentication succeeded for: anonymous@QPID 2011-02-07 13:19:33 info SASL: Mechanism list: ANONYMOUS LOGIN PLAIN 2011-02-07 13:19:33 debug SASL: Starting authentication with mechanism: ANONYMOUS 2011-02-07 13:19:33 info 127.0.0.1:5672-127.0.0.1:57069 SASL: Authentication succeeded for: anonymous@QPID 2011-02-07 13:19:33 info SASL: Mechanism list: ANONYMOUS LOGIN PLAIN 2011-02-07 13:19:33 debug SASL: Starting authentication with mechanism: ANONYMOUS 2011-02-07 13:19:33 info 127.0.0.1:5672-127.0.0.1:57070 SASL: Authentication succeeded for: anonymous@QPID [root@dhcp-37-202 ~]# cat /etc/qpidd.conf #log-enable=info+ log-enable=debug+ log-to-file=/tmp/qpidd.log truncate=yes auth=yes [root@dhcp-37-202 ~]# rpm -qa | grep -E '(cyrus|qpid|qmf)' | sort cyrus-sasl-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 python-qmf-0.7.946106-14.el5 python-qpid-0.7.946106-15.el5 qmf-0.7.946106-28.el5 qmf-devel-0.7.946106-28.el5 qpid-cpp-client-0.7.946106-28.el5 qpid-cpp-client-devel-0.7.946106-28.el5 qpid-cpp-client-devel-docs-0.7.946106-28.el5 qpid-cpp-client-ssl-0.7.946106-28.el5 qpid-cpp-server-0.7.946106-28.el5 qpid-cpp-server-cluster-0.7.946106-28.el5 qpid-cpp-server-devel-0.7.946106-28.el5 qpid-cpp-server-ssl-0.7.946106-28.el5 qpid-cpp-server-store-0.7.946106-28.el5 qpid-cpp-server-xml-0.7.946106-28.el5 qpid-java-client-0.7.946106-15.el5 qpid-java-common-0.7.946106-15.el5 qpid-java-example-0.7.946106-15.el5 qpid-tools-0.7.946106-12.el5 [root@dhcp-37-202 ~]# rpm -V qpid-cpp-server S.5....T c /etc/qpidd.conf [root@dhcp-37-202 ~]# rpm -qa | grep saslwr saslwrapper-0.1.934605-2.el5 saslwrapper-devel-0.1.934605-2.el5 ruby-saslwrapper-0.1.934605-2.el5 python-saslwrapper-0.1.934605-2.el5 [root@dhcp-37-202 ~]# uname -a Linux dhcp-37-202.lab.eng.brq.redhat.com 2.6.18-238.el5 #1 SMP Sun Dec 19 14:24:47 EST 2010 i686 i686 i386 GNU/Linux beta] RHEL 5.6 x86_64 [root@dhcp-37-203 ~]# service qpidd stop ; :> /tmp/qpidd.log ; service qpidd start Stopping Qpid AMQP daemon: [ OK ] Starting Qpid AMQP daemon: [ OK ] [root@dhcp-37-203 ~]# qpid-perftest --count 1 --username guest --password guest -s 717.36 13.9669 358.102 0.349709 [root@dhcp-37-203 ~]# grep SASL /tmp/qpidd.log 2011-02-07 13:20:07 info SASL enabled 2011-02-07 13:20:22 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-07 13:20:22 debug SASL: Starting authentication with mechanism: LOGIN 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 info 127.0.0.1:5672-127.0.0.1:38571 SASL: Authentication succeeded for: guest@QPID 2011-02-07 13:20:22 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-07 13:20:22 debug SASL: Starting authentication with mechanism: LOGIN 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 info 127.0.0.1:5672-127.0.0.1:38572 SASL: Authentication succeeded for: guest@QPID 2011-02-07 13:20:22 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-07 13:20:22 debug SASL: Starting authentication with mechanism: LOGIN 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 info 127.0.0.1:5672-127.0.0.1:38573 SASL: Authentication succeeded for: guest@QPID 2011-02-07 13:20:22 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-07 13:20:22 debug SASL: Starting authentication with mechanism: LOGIN 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 debug SASL: sending challenge to client 2011-02-07 13:20:22 info 127.0.0.1:5672-127.0.0.1:38574 SASL: Authentication succeeded for: guest@QPID [root@dhcp-37-203 ~]# cat /etc/qpidd.conf #log-enable=info+ log-enable=debug+ log-to-file=/tmp/qpidd.log truncate=yes auth=yes [root@dhcp-37-203 ~]# rpm -qa | grep -E '(cyrus|qpid|qmf)' | sort cyrus-sasl-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 python-qmf-0.7.946106-14.el5 python-qpid-0.7.946106-15.el5 qmf-0.7.946106-28.el5 qmf-devel-0.7.946106-28.el5 qpid-cpp-client-0.7.946106-28.el5 qpid-cpp-client-devel-0.7.946106-28.el5 qpid-cpp-client-devel-docs-0.7.946106-28.el5 qpid-cpp-client-ssl-0.7.946106-28.el5 qpid-cpp-server-0.7.946106-28.el5 qpid-cpp-server-cluster-0.7.946106-28.el5 qpid-cpp-server-devel-0.7.946106-28.el5 qpid-cpp-server-ssl-0.7.946106-28.el5 qpid-cpp-server-store-0.7.946106-28.el5 qpid-cpp-server-xml-0.7.946106-28.el5 qpid-java-client-0.7.946106-15.el5 qpid-java-common-0.7.946106-15.el5 qpid-java-example-0.7.946106-15.el5 qpid-tools-0.7.946106-12.el5 [root@dhcp-37-203 ~]# rpm -V qpid-cpp-server S.5....T c /etc/qpidd.conf [root@dhcp-37-203 ~]# rpm -qa | grep saslwr ruby-saslwrapper-0.1.934605-2.el5 saslwrapper-0.1.934605-2.el5 saslwrapper-devel-0.1.934605-2.el5 python-saslwrapper-0.1.934605-2.el5 [root@dhcp-37-203 ~]# uname -a Linux dhcp-37-203.lab.eng.brq.redhat.com 2.6.18-238.el5 #1 SMP Sun Dec 19 14:22:44 EST 2010 x86_64 x86_64 x86_64 GNU/Linux gamma] RHEL 5.6 x86_64 (another) [root@dhcp-26-233 /]# service qpidd stop ; :> /tmp/qpidd.log ; service qpidd start Stopping Qpid AMQP daemon: [ OK ] Starting Qpid AMQP daemon: [ OK ] [root@dhcp-26-233 /]# qpid-perftest --username guest --password guest --count 1 -s 1569.86 27.6978 56.6524 0.0553246 [root@dhcp-26-233 /]# grep SASL /tmp/qpidd.log 2011-02-07 14:24:48 info SASL enabled 2011-02-07 14:24:49 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN 2011-02-07 14:24:49 debug SASL: Starting authentication with mechanism: PLAIN 2011-02-07 14:24:49 info 127.0.0.1:5672-127.0.0.1:39662 SASL: Authentication succeeded for: guest@QPID 2011-02-07 14:24:53 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN 2011-02-07 14:24:53 debug SASL: Starting authentication with mechanism: PLAIN 2011-02-07 14:24:53 info 127.0.0.1:5672-127.0.0.1:39663 SASL: Authentication succeeded for: guest@QPID 2011-02-07 14:24:53 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN 2011-02-07 14:24:53 debug SASL: Starting authentication with mechanism: PLAIN 2011-02-07 14:24:53 info 127.0.0.1:5672-127.0.0.1:39664 SASL: Authentication succeeded for: guest@QPID 2011-02-07 14:24:53 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN 2011-02-07 14:24:53 debug SASL: Starting authentication with mechanism: PLAIN 2011-02-07 14:24:53 info 127.0.0.1:5672-127.0.0.1:39665 SASL: Authentication succeeded for: guest@QPID 2011-02-07 14:24:53 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN 2011-02-07 14:24:53 debug SASL: Starting authentication with mechanism: PLAIN 2011-02-07 14:24:53 info 127.0.0.1:5672-127.0.0.1:39666 SASL: Authentication succeeded for: guest@QPID [root@dhcp-26-233 /]# cat /etc/qpidd.conf # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # Configuration file for qpidd. Entries are of the form: # name=value # # (Note: no spaces on either side of '='). Using default settings: # "qpidd --help" or "man qpidd" for more details. cluster-mechanism=ANONYMOUS #cluster-name=freznice-virt-cluster #log-enable=info+ log-enable=debug+ #log-enable=trace+:management #log-enable=trace+ log-to-file=/tmp/qpidd.log #mgmt-pub-interval=10 #truncate=yes [root@dhcp-26-233 /]# rpm -qa | grep -E '(cyrus|qpid|qmf)' | sort cyrus-sasl-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 python-qmf-0.7.946106-14.el5 python-qpid-0.7.946106-15.el5 qmf-0.7.946106-28.el5 qmf-devel-0.7.946106-28.el5 qpid-cpp-client-0.7.946106-28.el5 qpid-cpp-client-devel-0.7.946106-28.el5 qpid-cpp-client-devel-docs-0.7.946106-28.el5 qpid-cpp-client-ssl-0.7.946106-28.el5 qpid-cpp-mrg-debuginfo-0.7.946106-27.el5 qpid-cpp-server-0.7.946106-28.el5 qpid-cpp-server-cluster-0.7.946106-28.el5 qpid-cpp-server-devel-0.7.946106-28.el5 qpid-cpp-server-ssl-0.7.946106-28.el5 qpid-cpp-server-store-0.7.946106-28.el5 qpid-cpp-server-xml-0.7.946106-28.el5 qpid-java-client-0.7.946106-15.el5 qpid-java-common-0.7.946106-15.el5 qpid-java-example-0.7.946106-15.el5 qpid-tools-0.7.946106-12.el5 [root@dhcp-26-233 /]# rpm -V qpid-cpp-server S.5....T c /etc/qpidd.conf [root@dhcp-26-233 /]# rpm -qa | grep saslwr saslwrapper-0.1.934605-2.el5 ruby-saslwrapper-0.1.934605-2.el5 python-saslwrapper-0.1.934605-2.el5 saslwrapper-devel-0.1.934605-2.el5 [root@dhcp-26-233 /]# uname -a Linux dhcp-26-233.brq.redhat.com 2.6.18-238.el5 #1 SMP Sun Dec 19 14:22:44 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
From the behavior we can see the broker's authentication mechanisms listed in log file have different order: 2011-02-07 13:19:33 info SASL: Mechanism list: ANONYMOUS LOGIN PLAIN or 2011-02-07 13:20:22 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS or 2011-02-07 14:24:49 info SASL: Mechanism list: PLAIN ANONYMOUS LOGIN and then (if client supports those three as well) the first matching is used, in our case it would be ANONYMOUS / LOGIN / PLAIN resp. See Additional info section for more details.
Expected results (from Comment 1 / Additional info sections) are: if both broker and client supports ANONYMOUS and LOGIN and PLAIN, then PLAIN should be selected automatically (as LOGIN and ANONYMOUS are less secure / weaker authentications).
An update: "broker without forcing authentication method on client surely depends on set of authentication mechanisms installed on target machine". This is no longer true. As of 2.3, we have an explicit mech list (bug 846465). In general, we recommend users edit the mech list to exclude less secure mechanisms. Frantisek, what remains to fix here? The order of client mech lists?
I retested the testing scenario on last stable packages and testing results prove that defect is fixed. -> VERIFIED [root@mrg-qe-10 messaging]# echo guest | saslpasswd2 -c -p -f /var/lib/qpidd/qpidd.sasldb -u QPID guest [root@mrg-qe-10 messaging]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb guest@QPID: userPassword ------------------------------------- c++ spout [root@mrg-qe-10 messaging]# ./spout --connection-options '{username:guest, password:guest, sasl-mechanisms:PLAIN}' "ADDR1; {create:sender}" [root@mrg-qe-10 messaging]# ./spout --connection-options '{username:guest, password:guest}' "ADDR1; {create:sender}" [root@mrg-qe-10 messaging]# ./spout "ADDR1; {create:sender}" [root@mrg-qe-10 messaging]# grep SASL ~qpidd/qpidd.log 2013-03-18 11:24:51 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:24:51 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:24:51 [Security] info 127.0.0.1:5672-127.0.0.1:51712 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:25:31 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:25:31 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:25:31 [Security] debug SASL: sending challenge to client 2013-03-18 11:25:31 [Security] debug SASL: sending challenge to client 2013-03-18 11:25:31 [Security] info 127.0.0.1:5672-127.0.0.1:51713 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:31:59 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:31:59 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:31:59 [Security] info 127.0.0.1:5672-127.0.0.1:51718 SASL: Authentication succeeded for: anonymous@QPID ------------------------------------- c++ qpid-perftest (shortened) [root@mrg-qe-10 messaging]# qpid-perftest --count 1 -s 25.1315 8.29734 49.1037 0.0479528 [root@mrg-qe-10 messaging]# qpid-perftest --count 1 -s --username guest --password guest 24.9295 22.5437 48.7552 0.0476125 [root@mrg-qe-10 messaging]# qpid-perftest --count 1 -s --username guest --password guest --mechanism PLAIN 25.1362 8.1947 24.9686 0.0243834 [root@mrg-qe-10 messaging]# grep SASL ~qpidd/qpidd.log 2013-03-18 11:39:19 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:19 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:39:19 [Security] info [::1]:5672-[::1]:56975 SASL: Authentication succeeded for: anonymous@QPID 2013-03-18 11:39:19 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:19 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:39:19 [Security] info [::1]:5672-[::1]:56976 SASL: Authentication succeeded for: anonymous@QPID 2013-03-18 11:39:19 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:19 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:39:19 [Security] info [::1]:5672-[::1]:56977 SASL: Authentication succeeded for: anonymous@QPID 2013-03-18 11:39:19 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:19 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:39:19 [Security] info [::1]:5672-[::1]:56978 SASL: Authentication succeeded for: anonymous@QPID 2013-03-18 11:39:36 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:36 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] info [::1]:5672-[::1]:56979 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:36 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:36 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] info [::1]:5672-[::1]:56980 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:36 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:36 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] info [::1]:5672-[::1]:56981 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:36 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:36 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] debug SASL: sending challenge to client 2013-03-18 11:39:36 [Security] info [::1]:5672-[::1]:56982 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:47 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:47 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:39:47 [Security] info [::1]:5672-[::1]:56983 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:47 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:47 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:39:47 [Security] info [::1]:5672-[::1]:56984 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:47 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:47 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:39:47 [Security] info [::1]:5672-[::1]:56985 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:39:47 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:39:47 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:39:47 [Security] info [::1]:5672-[::1]:56986 SASL: Authentication succeeded for: guest@QPID ------------------------------------- Python spout [root@mrg-qe-10 messaging]# diff -u /usr/share/doc/python-qpid-0.18/examples/api/spout /usr/share/doc/python-qpid-0.18/examples/api/spout1 --- /usr/share/doc/python-qpid-0.18/examples/api/spout 2012-07-19 11:54:08.000000000 -0400 +++ /usr/share/doc/python-qpid-0.18/examples/api/spout1 2013-03-18 11:29:38.145095468 -0400 @@ -92,6 +92,9 @@ content = text conn = Connection(opts.broker, + username='guest', + password='guest', + sasl_mechanisms='PLAIN', reconnect=opts.reconnect, reconnect_interval=opts.reconnect_interval, reconnect_limit=opts.reconnect_limit) [root@mrg-qe-10 messaging]# diff -u /usr/share/doc/python-qpid-0.18/examples/api/spout /usr/share/doc/python-qpid-0.18/examples/api/spout2 --- /usr/share/doc/python-qpid-0.18/examples/api/spout 2012-07-19 11:54:08.000000000 -0400 +++ /usr/share/doc/python-qpid-0.18/examples/api/spout2 2013-03-18 11:29:03.826560831 -0400 @@ -92,6 +92,8 @@ content = text conn = Connection(opts.broker, + username='guest', + password='guest', reconnect=opts.reconnect, reconnect_interval=opts.reconnect_interval, reconnect_limit=opts.reconnect_limit) [root@mrg-qe-10 messaging]# [root@mrg-qe-10 messaging]# [root@mrg-qe-10 messaging]# python /usr/share/doc/python-qpid-0.18/examples/api/spout1 "ADDR2; {create:sender}" Message(properties={'spout-id': 'a6dc4885-87b1-4750-8af9-aa7e4961b528:0'}) [root@mrg-qe-10 messaging]# python /usr/share/doc/python-qpid-0.18/examples/api/spout2 "ADDR2; {create:sender}" Message(properties={'spout-id': 'db07b2f1-b261-4787-8bcc-d6dd71d5d468:0'}) [root@mrg-qe-10 messaging]# python /usr/share/doc/python-qpid-0.18/examples/api/spout "ADDR2; {create:sender}" Message(properties={'spout-id': 'dafc56ae-de1d-43b3-bcf0-2a35420c5731:0'}) [root@mrg-qe-10 messaging]# grep SASL ~qpidd/qpidd.log 2013-03-18 11:30:14 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:30:14 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:30:14 [Security] info [::1]:5672-[::1]:56967 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:30:32 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:30:32 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:30:32 [Security] debug SASL: sending challenge to client 2013-03-18 11:30:32 [Security] debug SASL: sending challenge to client 2013-03-18 11:30:32 [Security] info [::1]:5672-[::1]:56968 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:31:05 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:31:05 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:31:05 [Security] info [::1]:5672-[::1]:56969 SASL: Authentication succeeded for: anonymous@QPID ------------------------------------- python qpid-config [root@mrg-qe-10 messaging]# qpid-config Total Exchanges: 8 topic: 3 headers: 1 fanout: 1 direct: 3 Total Queues: 4 durable: 0 non-durable: 4 [root@mrg-qe-10 messaging]# qpid-config -b guest/guest@localhost:5672 Total Exchanges: 8 topic: 3 headers: 1 fanout: 1 direct: 3 Total Queues: 4 durable: 0 non-durable: 4 [root@mrg-qe-10 messaging]# qpid-config -b guest/guest@localhost:5672 --sasl-mechanism=PLAIN Total Exchanges: 8 topic: 3 headers: 1 fanout: 1 direct: 3 Total Queues: 4 durable: 0 non-durable: 4 [root@mrg-qe-10 messaging]# grep SASL ~qpidd/qpidd.log 2013-03-18 11:35:35 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:35:35 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS 2013-03-18 11:35:35 [Security] info [::1]:5672-[::1]:56972 SASL: Authentication succeeded for: anonymous@QPID 2013-03-18 11:36:04 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:36:04 [Security] info SASL: Starting authentication with mechanism: DIGEST-MD5 2013-03-18 11:36:04 [Security] debug SASL: sending challenge to client 2013-03-18 11:36:04 [Security] debug SASL: sending challenge to client 2013-03-18 11:36:04 [Security] info [::1]:5672-[::1]:56973 SASL: Authentication succeeded for: guest@QPID 2013-03-18 11:36:29 [Security] info SASL: Mechanism list: ANONYMOUS DIGEST-MD5 PLAIN 2013-03-18 11:36:29 [Security] info SASL: Starting authentication with mechanism: PLAIN 2013-03-18 11:36:29 [Security] info [::1]:5672-[::1]:56974 SASL: Authentication succeeded for: guest@QPID [root@mrg-qe-10 messaging]#