693840 – qpid-tools can get NOT functional by presence of cyrus-sasl-gssapi package (if kerberos is not configured)

Bug 693840 - qpid-tools can get NOT functional by presence of cyrus-sasl-gssapi package (if kerberos is not configured)

Summary: qpid-tools can get NOT functional by presence of cyrus-sasl-gssapi package (i...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	python-qpid
Sub Component:
Version:	Development
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	messaging-bugs
QA Contact:	MRG Quality Engineering
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-05 17:44 UTC by Frantisek Reznicek
Modified:	2015-11-16 01:13 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-21 12:24:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Frantisek Reznicek 2011-04-05 17:44:45 UTC

Description of problem:

qpid clients may loose functionality when cyrus-sasl-gssapi package is installed and kerberos not configured.

This situation might happen easily just when cyrus-sasl-gssapi is installed.
cyrus-sasl-gssapi is required by couple of projects/packages for instance 'ipa-client'.

When cyrus-sasl-gssapi is installed and kerberos is not configured then qpid-tools start to fail authentication with:
# qpid-config
Failed: ConnectionFailed: (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found)')

Seen on RHEL5.6/6.1 i/x. This defect should track discussion whether the current behavior is correct.

Version-Release number of selected component (if applicable):
cyrus-sasl-2.1.22-5.el5_4.3.i386
cyrus-sasl-devel-2.1.22-5.el5_4.3.i386
cyrus-sasl-gssapi-2.1.22-5.el5_4.3.i386
cyrus-sasl-lib-2.1.22-5.el5_4.3.i386
cyrus-sasl-plain-2.1.22-5.el5_4.3.i386
python-qpid-0.10-1.el5.noarch
python-qpid-qmf-0.10-2.el5.i386
python-saslwrapper-0.1.934605-2.el5.i386
qpid-cpp-client-0.10-1.el5.i386
qpid-cpp-client-devel-0.10-1.el5.i386
qpid-cpp-client-devel-docs-0.10-1.el5.i386
qpid-cpp-client-rdma-0.10-1.el5.i386
qpid-cpp-client-ssl-0.10-1.el5.i386
qpid-cpp-mrg-debuginfo-0.10-1.el5.i386
qpid-cpp-server-0.10-1.el5.i386
qpid-cpp-server-cluster-0.10-1.el5.i386
qpid-cpp-server-devel-0.10-1.el5.i386
qpid-cpp-server-rdma-0.10-1.el5.i386
qpid-cpp-server-ssl-0.10-1.el5.i386
qpid-cpp-server-store-0.10-1.el5.i386
qpid-cpp-server-xml-0.10-1.el5.i386
qpid-dotnet-0.4.738274-2.el5.i386
qpid-java-client-0.10-1.el5.noarch
qpid-java-common-0.10-1.el5.noarch
qpid-java-example-0.10-1.el5.noarch
qpid-qmf-0.10-2.el5.i386
qpid-qmf-debuginfo-0.10-2.el5.i386
qpid-qmf-devel-0.10-2.el5.i386
qpid-tests-0.9.1078967-1.el5.noarch
qpid-tools-0.10-1.el5.noarch
rh-qpid-cpp-tests-0.10-1.el5.i386
ruby-qpid-qmf-0.10-2.el5.i386
ruby-saslwrapper-0.1.934605-2.el5.i386
saslwrapper-0.1.934605-2.el5.i386
saslwrapper-devel-0.1.934605-2.el5.i386

How reproducible:
100%


Steps to Reproduce:
1. install cyrus-sasl-gssapi
2. qpid-config
3. echo $?
  
Actual results:
qpid-tools fail when cyrus-sasl-gssapi is installed

Expected results:
It is questionable whether qpid-tool / qpid-config should behave this way.

Additional info:

Comment 1 Frantisek Reznicek 2011-04-05 17:45:50 UTC

RHEL 5.6 i386 case:
--- auth=yes, no cyrus-sasl-gssapi  ---

[root@mrg-qe-01 ~]# rpm -e cyrus-sasl-gssapi
[root@mrg-qe-01 ~]# vi /etc/qpidd.conf
[root@mrg-qe-01 ~]# # auth=yes
[root@mrg-qe-01 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-01 ~]# qpid-config
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s
Please enter your password

connection-forced: Authentication failed
2011-04-05 13:25:18 warning Broker closed connection: 320, connection-forced: Authentication failed
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest
246.908 130.366 179.266 0.175064
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
247.329 130.89  273.204 0.266801
[root@mrg-qe-01 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  20s        2     2     8    18
[root@mrg-qe-01 ~]#

--- auth=yes, with cyrus-sasl-gssapi  ---

[root@mrg-qe-01 ~]#
[root@mrg-qe-01 ~]# yum install cyrus-sasl-gssapi
...
Installed:
  cyrus-sasl-gssapi.i386 0:2.1.22-5.el5_4.3

Complete!
[root@mrg-qe-01 ~]#
[root@mrg-qe-01 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-01 ~]# qpid-config
Failed: ConnectionFailed: (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found)')
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost
Failed: ConnectionFailed: (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found)')
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost --sasl-mechanism=PLAIN
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s
2011-04-05 13:27:12 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found) (qpid/SaslFactory.cpp:279)

internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found) (qpid/SaslFactory.cpp:279)
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest
2011-04-05 13:27:18 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found) (qpid/SaslFactory.cpp:279)

internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found) (qpid/SaslFactory.cpp:279)
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
8842.2  114.655 459.637 0.448864
[root@mrg-qe-01 ~]# qpid-stat -b
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found)')
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=PLAIN
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found')
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=ANONYMOUS
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  1m 31s     2     2     8    18
[root@mrg-qe-01 ~]#
[root@mrg-qe-01 ~]#

--- auth=no, no cyrus-sasl-gssapi  ---

[root@mrg-qe-01 ~]#
[root@mrg-qe-01 ~]# vi /etc/qpidd.conf
[root@mrg-qe-01 ~]# # auth=no
[root@mrg-qe-01 ~]# rpm -e cyrus-sasl-gssapi
[root@mrg-qe-01 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-01 ~]# qpid-config
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost --sasl-mechanism=PLAIN
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s
245.909 60.442  468.518 0.457537
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest
241.427 118.068 241.715 0.23605
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
245.884 60.8487 243.475 0.237769
[root@mrg-qe-01 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  10s        2     2     8    18
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=PLAIN
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found')
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=ANONYMOUS
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  20s        2     2     8    18

--- auth=no, with cyrus-sasl-gssapi  ---

[root@mrg-qe-01 ~]# yum install cyrus-sasl-gssapi
...
Installed:
  cyrus-sasl-gssapi.i386 0:2.1.22-5.el5_4.3

Complete!
[root@mrg-qe-01 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-01 ~]# qpid-config
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-config -a guest/guest@localhost --sasl-mechanism=PLAIN
Total Exchanges: 8
    ...
    non-durable: 6
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s
246.305 60.4863 465.092 0.454191
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest
245.36  116.908 468.649 0.457665
[root@mrg-qe-01 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
247.055 84.5712 264.17  0.257978
[root@mrg-qe-01 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  10s        2     2     8    18
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=PLAIN
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found')
[root@mrg-qe-01 ~]# qpid-stat -b --sasl-mechanism=ANONYMOUS
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  20s        2     2     8    18

Comment 2 Frantisek Reznicek 2011-04-05 17:51:09 UTC

RHEL 5.6 x86_64 case:

--- auth=yes, no cyrus-sasl-gssapi  ---

[root@mrg-qe-02 ~]# rpm -e cyrus-sasl-gssapi --allmatches
[root@mrg-qe-02 ~]#
[root@mrg-qe-02 ~]# vi /etc/qpidd.conf
[root@mrg-qe-02 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-02 ~]#
[root@mrg-qe-02 ~]# qpid-config
Total Exchanges: 12
    ...
    non-durable: 6
[root@mrg-qe-02 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 12
    ...
    non-durable: 6
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s
Please enter your password
2011-04-05 13:19:00 warning Broker closed connection: 320, connection-forced: Authentication failed

connection-forced: Authentication failed
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest
4743.83 274.997 455.892 0.445207
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
247.752 85.1288 177.699 0.173534
[root@mrg-qe-02 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  57s        2     2    12    76


--- auth=yes, with cyrus-sasl-gssapi  ---

[root@mrg-qe-02 ~]# yum install cyrus-sasl-gssapi
...
Installed:
  cyrus-sasl-gssapi.i386 0:2.1.22-5.el5_4.3                                     cyrus-sasl-gssapi.x86_64 0:2.1.22-5.el5_4.3

Complete!
[root@mrg-qe-02 ~]#
[root@mrg-qe-02 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-02 ~]# qpid-config
Failed: ConnectionFailed: (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Unknown code krb5 195)')
[root@mrg-qe-02 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 12
    ...
    non-durable: 6
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s
Please enter your password
2011-04-05 13:20:08 warning Broker closed connection: 320, connection-forced: Authentication failed

connection-forced: Authentication failed
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest
5211.05 127.118 458.127 0.44739
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
243.481 79.0645 240.558 0.23492
[root@mrg-qe-02 ~]# qpid-stat -b
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Unknown code krb5 195)')
[root@mrg-qe-02 ~]# --sasl-mechanism=ANONYMOUS
-bash: --sasl-mechanism=ANONYMOUS: command not found
[root@mrg-qe-02 ~]# qpid-stat -b --sasl-mechanism=ANONYMOUS
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  56s        2     2    12    76
[root@mrg-qe-02 ~]# qpid-config --sasl-mechanism=ANONYMOUS
Total Exchanges: 12
    ...
    non-durable: 10
[root@mrg-qe-02 ~]#

--- auth=no, no cyrus-sasl-gssapi  ---

[root@mrg-qe-02 ~]# vi /etc/qpidd.conf
[root@mrg-qe-02 ~]# # auth=no
[root@mrg-qe-02 ~]# rpm -e cyrus-sasl-gssapi --allmatches
[root@mrg-qe-02 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-02 ~]# qpid-config
Total Exchanges: 12
    ...
    non-durable: 6
[root@mrg-qe-02 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 12
    ...
    non-durable: 6
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s
244.768 60.9983 240.512 0.234875
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest
239.555 48.2716 238.515 0.232925
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
240.246 79.7709 237.535 0.231968
[root@mrg-qe-02 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  16s        2     2    12    76
[root@mrg-qe-02 ~]# yum install cyrus-sasl-gssapi
...
Installed:
  cyrus-sasl-gssapi.i386 0:2.1.22-5.el5_4.3                                     cyrus-sasl-gssapi.x86_64 0:2.1.22-5.el5_4.3

Complete!
[root@mrg-qe-02 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-02 ~]# qpid-config
Total Exchanges: 12
    ...
    non-durable: 5
[root@mrg-qe-02 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 12
    ...
    non-durable: 5
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s
242.154 125.557 260.831 0.254718
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest
246.731 48.7052 241.039 0.23539
[root@mrg-qe-02 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
246.609 79.5108 240.52  0.234883
[root@mrg-qe-02 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  17s        2     2    12    76
[root@mrg-qe-02 ~]# rpm -qa | egrep '(qpid|qmf|sasl)' | sort
cyrus-sasl-2.1.22-5.el5_4.3.i386
cyrus-sasl-2.1.22-5.el5_4.3.x86_64
cyrus-sasl-devel-2.1.22-5.el5_4.3.i386
cyrus-sasl-devel-2.1.22-5.el5_4.3.x86_64
cyrus-sasl-gssapi-2.1.22-5.el5_4.3.i386
cyrus-sasl-gssapi-2.1.22-5.el5_4.3.x86_64
cyrus-sasl-lib-2.1.22-5.el5_4.3.i386
cyrus-sasl-lib-2.1.22-5.el5_4.3.x86_64
cyrus-sasl-md5-2.1.22-5.el5_4.3.i386
cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64
cyrus-sasl-plain-2.1.22-5.el5_4.3.i386
cyrus-sasl-plain-2.1.22-5.el5_4.3.x86_64
python-qpid-0.10-1.el5.noarch
python-qpid-qmf-0.10-2.el5.x86_64
python-saslwrapper-0.1.934605-2.el5.x86_64
qpid-cpp-client-0.10-1.el5.x86_64
qpid-cpp-client-devel-0.10-1.el5.x86_64
qpid-cpp-client-devel-docs-0.10-1.el5.x86_64
qpid-cpp-client-rdma-0.10-1.el5.x86_64
qpid-cpp-client-ssl-0.10-1.el5.x86_64
qpid-cpp-mrg-debuginfo-0.10-1.el5.x86_64
qpid-cpp-server-0.10-1.el5.x86_64
qpid-cpp-server-cluster-0.10-1.el5.x86_64
qpid-cpp-server-devel-0.10-1.el5.x86_64
qpid-cpp-server-rdma-0.10-1.el5.x86_64
qpid-cpp-server-ssl-0.10-1.el5.x86_64
qpid-cpp-server-store-0.10-1.el5.x86_64
qpid-cpp-server-xml-0.10-1.el5.x86_64
qpid-dotnet-0.4.738274-2.el5.x86_64
qpid-java-client-0.10-1.el5.noarch
qpid-java-common-0.10-1.el5.noarch
qpid-java-example-0.10-1.el5.noarch
qpid-qmf-0.10-2.el5.x86_64
qpid-qmf-debuginfo-0.10-2.el5.x86_64
qpid-qmf-devel-0.10-2.el5.x86_64
qpid-tests-0.9.1073306-1.el5.noarch
qpid-tools-0.10-1.el5.noarch
rh-qpid-cpp-tests-0.10-1.el5.x86_64
ruby-qpid-qmf-0.10-2.el5.x86_64
ruby-saslwrapper-0.1.934605-2.el5.x86_64
saslwrapper-0.1.934605-2.el5.x86_64
saslwrapper-devel-0.1.934605-2.el5.x86_64

Comment 3 Frantisek Reznicek 2011-04-05 17:55:00 UTC

RHEL 6.1 i686 case:

--- auth=yes, no cyrus-sasl-gssapi  ---

[root@mrg-qe-07 ~]# service qpidd start
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-07 ~]#
[root@mrg-qe-07 ~]# qpid-config
Total Exchanges: 8
    ...
    non-durable: 5
[root@mrg-qe-07 ~]# qpid-config -a guest/guest@localhost
Total Exchanges: 8
    ...
    non-durable: 5
[root@mrg-qe-07 ~]# qpid-perftest --count 10 -s --username guest --password guest
4261.36 132.647 308.127 0.300906
[root@mrg-qe-07 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  50s        1     1     8    10

--- auth=yes, with cyrus-sasl-gssapi  ---

[root@mrg-qe-07 ~]# yum install cyrus-sasl-gssapi
...
Installed:
  cyrus-sasl-gssapi.i686 0:2.1.23-8.el6

Complete!
[root@mrg-qe-07 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-07 ~]# qpid-config
Failed: ConnectionFailed: (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")
[root@mrg-qe-07 ~]# qpid-config -a guest/guest@localhost
Failed: ConnectionFailed: (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")
[root@mrg-qe-07 ~]# qpid-perftest --count 10 -s --username guest --password guest
2011-04-05 13:10:20 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found) (qpid/SaslFactory.cpp:279)

internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found) (qpid/SaslFactory.cpp:279)
[root@mrg-qe-07 ~]# qpid-perftest --count 10 -s
2011-04-05 13:10:26 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found) (qpid/SaslFactory.cpp:279)

internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found) (qpid/SaslFactory.cpp:279)
[root@mrg-qe-07 ~]#
[root@mrg-qe-07 ~]# qpid-perftest --count 10 -s --username guest --password guest --mechanism PLAIN
251.096 59.5055 244.652 0.238918
[root@mrg-qe-07 ~]# qpid-config -a guest/guest@localhost --sasl-mechanism=PLAIN
Total Exchanges: 8
    ...
    non-durable: 10
[root@mrg-qe-07 ~]# qpid-stat -b --sasl-mechanism=PLAIN
Failed: ConnectionFailed - (None, 'SASL error: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found')
[root@mrg-qe-07 ~]# qpid-stat -b --sasl-mechanism=ANONYMOUS
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  2m 10s     1     1     8    10
[root@mrg-qe-07 ~]#


--- auth=no, with cyrus-sasl-gssapi  ---


[root@mrg-qe-07 ~]# vi /etc/qpidd.conf
[root@mrg-qe-07 ~]# # auth=no
[root@mrg-qe-07 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-07 ~]# qpid-stat -b
Brokers
  broker          cluster       uptime  conn  sess  exch  queue
  ===============================================================
  localhost:5672  <standalone>  0s         1     1     8     5
[root@mrg-qe-07 ~]# qpid-config
Total Exchanges: 8
    ...
    non-durable: 14
[root@mrg-qe-07 ~]# qpid-perftest --count 100 -s
2261.17 786.665 2350.14 2.29506

Comment 4 Gordon Sim 2011-04-06 09:25:29 UTC

The situation is certainly undesirable. Cyrus chooses between available mechanisms and appears to favour GSSAPI if available over PLAIN/ANONYMOUS. The mechanisms in use can be restricted by editing the sasl conf file (i.e. for the broker as a whole) or by the client further restricting the mechs (i.e. on a per connection basis).

The question is whether there is anything that can be done to determine if GSSAPI is correctly configured in a given use case and disable it if not. Or whether it is right to automatically retry with a different choice of mechanism if authentication with the first choice fails. (IN general I am uncomfortable about this latter approach).

Comment 5 Justin Ross 2013-02-24 21:10:29 UTC

Does this problem still occur?  In bug 846465 we introduced a default mech list that excludes gssapi, but I don't know if it affects the tools in this instance.

Comment 6 Frantisek Reznicek 2013-03-18 15:13:30 UTC

Issue is not seen anymore on latest stable packages (bug 846465, comment 17).
Issue was resolved by bug 846465.

-> VERIFIED

Note You need to log in before you can comment on or make changes to this bug.