Special case of bug 604149. Additionally qpid-cluster should make it clear how username and password can be specified in the URL.
Created attachment 691644 [details] Adds --sasl-mechanism to qpid-tool and changes qpid-config usage text For qpid-tool, added --sasl-mechanism and --ssl-certificate options. the cert can still be passed at the end of the command line. For qpid-config, changed the usage text to show passing a username/password with the broker address.
Correction: qpid-cluster was changed to show the username/password.
Created attachment 696160 [details] Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and changes qpid-config usage text Added --ssl-key to patch to match fix from bug 895535
The patch unfortunately no longer applies against current trunk (there was some cert work in the meantime), and I can't easily tell how to resolve it. Ernie, please generate a new patch.
Created attachment 738574 [details] Adds --broker and --sasl-mechanism to qpid-tool Refactored patch to work with current trunk
-> POST http://svn.apache.org/viewvc?view=revision&revision=1471120
The title of this BZ is out-of-date. While the developer was working on it, his work collided with another developer's work, which added the --sasl-mechanism ability to qpid-cluster and qmf-tool. His final patch for this bug *only* affects qpid-tool .
Bug observed on latest-stable packages on RHEL 6.4 (see below for package lists ) Fix observed on RHEL 6.4 x { x86_64 , i686 } packages { latest-stable { cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 python-qpid-0.18-4.el6.noarch python-qpid-qmf-0.18-15.el6.x86_64 python-saslwrapper-0.18-1.el6_3.x86_64 qpid-cpp-client-0.18-14.el6.x86_64 qpid-cpp-client-devel-0.18-14.el6.x86_64 qpid-cpp-client-devel-docs-0.18-14.el6.noarch qpid-cpp-client-rdma-0.18-14.el6.x86_64 qpid-cpp-client-ssl-0.18-14.el6.x86_64 qpid-cpp-debuginfo-0.14-22.el6_3.x86_64 qpid-cpp-server-0.18-14.el6.x86_64 qpid-cpp-server-cluster-0.18-14.el6.x86_64 qpid-cpp-server-devel-0.18-14.el6.x86_64 qpid-cpp-server-rdma-0.18-14.el6.x86_64 qpid-cpp-server-ssl-0.18-14.el6.x86_64 qpid-cpp-server-store-0.18-14.el6.x86_64 qpid-cpp-server-xml-0.18-14.el6.x86_64 qpid-java-client-0.18-7.el6.noarch qpid-java-common-0.18-7.el6.noarch qpid-java-example-0.18-7.el6.noarch qpid-jca-0.18-8.el6.noarch qpid-jca-xarecovery-0.18-8.el6.noarch qpid-proton-c-0.4-2.2.el6.x86_64 qpid-proton-c-devel-0.4-2.2.el6.x86_64 qpid-qmf-0.18-15.el6.x86_64 qpid-qmf-debuginfo-0.14-14.el6_3.x86_64 qpid-qmf-devel-0.18-15.el6.x86_64 qpid-tests-0.18-2.el6.noarch qpid-tools-0.18-8.el6.noarch saslwrapper-0.18-1.el6_3.x86_64 saslwrapper-devel-0.18-1.el6_3.x86_64 } latest-and-greatest { 32-bit { cyrus-sasl-2.1.23-13.el6_3.1.i686 cyrus-sasl-devel-2.1.23-13.el6_3.1.i686 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.i686 cyrus-sasl-lib-2.1.23-13.el6_3.1.i686 cyrus-sasl-md5-2.1.23-13.el6_3.1.i686 cyrus-sasl-plain-2.1.23-13.el6_3.1.i686 python-qpid-0.22-4.el6.noarch python-qpid-qmf-0.22-7.el6.i686 python-saslwrapper-0.22-3.el6.i686 qpid-cpp-client-0.22-8.el6.i686 qpid-cpp-client-devel-0.22-8.el6.i686 qpid-cpp-client-devel-docs-0.22-8.el6.noarch qpid-cpp-client-rdma-0.22-8.el6.i686 qpid-cpp-client-ssl-0.22-8.el6.i686 qpid-cpp-debuginfo-0.22-8.el6.i686 qpid-cpp-server-0.22-8.el6.i686 qpid-cpp-server-devel-0.22-8.el6.i686 qpid-cpp-server-ha-0.22-8.el6.i686 qpid-cpp-server-rdma-0.22-8.el6.i686 qpid-cpp-server-ssl-0.22-8.el6.i686 qpid-cpp-server-store-0.22-8.el6.i686 qpid-cpp-server-xml-0.22-8.el6.i686 qpid-cpp-tar-0.22-8.el6.noarch qpid-java-client-0.22-5.el6.noarch qpid-java-common-0.22-5.el6.noarch qpid-java-example-0.22-5.el6.noarch qpid-proton-c-0.4-2.2.el6.i686 qpid-proton-c-devel-0.4-2.2.el6.i686 qpid-proton-debuginfo-0.4-2.2.el6.i686 qpid-qmf-0.22-7.el6.i686 qpid-qmf-debuginfo-0.22-7.el6.i686 qpid-qmf-devel-0.22-7.el6.i686 qpid-snmpd-1.0.0-12.el6.i686 qpid-snmpd-debuginfo-1.0.0-12.el6.i686 qpid-tests-0.22-4.el6.noarch qpid-tools-0.22-3.el6.noarch rh-qpid-cpp-tests-0.22-8.el6.i686 saslwrapper-0.22-3.el6.i686 } 64-bit { cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 python-qpid-0.22-4.el6.noarch python-qpid-qmf-0.22-7.el6.x86_64 python-saslwrapper-0.22-3.el6.x86_64 qpid-cpp-client-0.22-8.el6.x86_64 qpid-cpp-client-devel-0.22-8.el6.x86_64 qpid-cpp-client-devel-docs-0.22-8.el6.noarch qpid-cpp-client-rdma-0.22-8.el6.x86_64 qpid-cpp-client-ssl-0.22-8.el6.x86_64 qpid-cpp-debuginfo-0.22-8.el6.x86_64 qpid-cpp-server-0.22-8.el6.x86_64 qpid-cpp-server-devel-0.22-8.el6.x86_64 qpid-cpp-server-ha-0.22-8.el6.x86_64 qpid-cpp-server-rdma-0.22-8.el6.x86_64 qpid-cpp-server-ssl-0.22-8.el6.x86_64 qpid-cpp-server-store-0.22-8.el6.x86_64 qpid-cpp-server-xml-0.22-8.el6.x86_64 qpid-cpp-tar-0.22-8.el6.noarch qpid-java-client-0.22-5.el6.noarch qpid-java-common-0.22-5.el6.noarch qpid-java-example-0.22-5.el6.noarch qpid-proton-c-0.4-2.2.el6.x86_64 qpid-proton-c-devel-0.4-2.2.el6.x86_64 qpid-proton-debuginfo-0.4-2.2.el6.x86_64 qpid-qmf-0.22-7.el6.x86_64 qpid-qmf-debuginfo-0.22-7.el6.x86_64 qpid-qmf-devel-0.22-7.el6.x86_64 qpid-snmpd-1.0.0-12.el6.x86_64 qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64 qpid-tests-0.22-4.el6.noarch qpid-tools-0.22-3.el6.noarch rh-qpid-cpp-tests-0.22-8.el6.x86_64 saslwrapper-0.22-3.el6.x86_64 saslwrapper-devel-0.22-3.el6.x86_64 } } }
(In reply to Ernie from comment #4) > Created attachment 696160 [details] > Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and > changes qpid-config usage text > > Added --ssl-key to patch to match fix from bug 895535 Hmm, there doesn't seem to be specific mention in the MICG about the new parameters for qpid-tool. There is a section describing how to use qpid-tool, but not specifically how or when to use SASL http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool There is a section dealing with configuring SASL itself, but I don't think this is the place to talk about qpid-tool commands. http://docbuilder.usersys.redhat.com/18173/#sect-Simple_Authentication_and_Security_Layer_-_SASL Are we relying on customers looking at the --help for the tool to learn about the features? If we should document these parameters specifically, I can do this after the 3.0 GA.
(In reply to Jared MORGAN from comment #11) > (In reply to Ernie from comment #4) > > Created attachment 696160 [details] > > Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and > > changes qpid-config usage text > > > > Added --ssl-key to patch to match fix from bug 895535 > > Hmm, there doesn't seem to be specific mention in the MICG about the new > parameters for qpid-tool. > > There is a section describing how to use qpid-tool, but not specifically how > or when to use SASL > > http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool > > There is a section dealing with configuring SASL itself, but I don't think > this is the place to talk about qpid-tool commands. > > http://docbuilder.usersys.redhat.com/18173/#sect- > Simple_Authentication_and_Security_Layer_-_SASL > > Are we relying on customers looking at the --help for the tool to learn > about the features? > > If we should document these parameters specifically, I can do this after the > 3.0 GA. The new parameters for qpid-tool should be documented in the #Using_qpid_tool section.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1296.html