Bug 744148 - Cluster authentication mechanism DIGEST-MD5 sometimes fails
Summary: Cluster authentication mechanism DIGEST-MD5 sometimes fails
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: messaging-bugs
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-07 08:58 UTC by Zdenek Kraus
Modified: 2020-11-04 18:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)
reproducer (1.04 MB, application/x-tar)
2011-10-07 08:58 UTC, Zdenek Kraus
no flags Details

Description Zdenek Kraus 2011-10-07 08:58:06 UTC
Created attachment 526847 [details]
reproducer

Description of problem:
Broker accepts
--cluster-mechanism=DIGEST-MD5. When brokers negotiating cluster, they starts
to communicating with MD5, but in 60% fail because of unsupported auth mechanism.


Version-Release number of selected component (if applicable):
qpid-cpp-server-*-0.10-9.el5
qpid-cpp-server-*-0.10-4.el6_1.1

How reproducible:
~60%

Steps to Reproduce:
1. set sasl mechanism for qpidd to DIGEST-MD5. Into /etc/sasl2/qpidd.conf append
mech_list: DIGEST-MD5
2. check if sasldb of qpidd has guest:guest credential. Ortherwise
saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb
3. Start main broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest
4. Start backup broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest
  
5. repeat launching brokers until they failed to authenticate

Actual results:
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 INIT) cluster-uuid =
0022b2b4-e72f-4d7a-8b56-e4c4b43edfb4
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 JOINER) joining cluster
auth-cluster-hostname
2011-10-06 14:00:07 notice Broker running
2011-10-06 14:00:07 info cluster(192.168.6.2:2650 JOINER) stall for update
offer from 192.168.6.2:2643 to 192.168.6.2:2650
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 UPDATEE) receiving update
from 192.168.6.2:2643
2011-10-06 14:00:07 info SASL: Mechanism list: DIGEST-MD5
2011-10-06 14:00:07 info 192.168.6.2:5673-192.168.6.2:38991 SASL:
Authentication succeeded for: guest@QPID
2011-10-06 14:00:07 info Queue "qpid.cluster-update": Policy created:
type=reject; maxCount=0; maxSize=104857600
2011-10-06 14:00:07 info Queue "qpid.cluster-update": Flow limit created:
flowStopCount=0, flowResumeCount=0, flowStopSize=83886080,
flowResumeSize=73400320
2011-10-06 14:00:07 warning Client closed connection with 501: Desired
mechanism(s) not valid: DIGEST-MD5 (supported: ANONYMOUS PLAIN)
(qpid/client/ConnectionHandler.cpp:250)
2011-10-06 14:00:07 critical cluster(192.168.6.2:2650 UPDATEE) catch-up
connection closed prematurely 127.0.0.1:5672-127.0.0.1:42495(192.168.6.2:2650-2
local,catchup)
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 LEFT) leaving cluster
auth-cluster-hostname
2011-10-06 14:00:07 notice Shut down


Expected results:
Brokers will authenticate correctly, every time.

Additional info:
Use attached script to reproduce error. Script will perform 16 rounds of authentication. You have manually check /var/lib/qpidd/qpidd.sasldb for credentials. Sasl mechanism for qpidd is set by script.


Note You need to log in before you can comment on or make changes to this bug.