Bug 834390 - Regression: out of the box qpidd & clients generate gssapi auth errors
Summary: Regression: out of the box qpidd & clients generate gssapi auth errors
Keywords:
Status: CLOSED DUPLICATE of bug 815482
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.1.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: messaging-bugs
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-21 18:27 UTC by Matthew Farrellee
Modified: 2012-06-22 02:13 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-22 02:13:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Matthew Farrellee 2012-06-21 18:27:01 UTC 
qpidd & clients out of the box try to use the GSSAPI SASL mechanism when proper credentials are not available.

(non-qpid-tools clients also suffer this if cyrus-sasl-gssapi is installed, which appears to be the case in a base EL install. seen via c++, ruby and python qmf clients & agents)


From a fresh EL6.1 system (MRG AMI tested, ami-39f73850) -

# yum install qpid-cpp-server qpid-tools
...

# rpm -q qpid-cpp-server qpid-tools
qpid-cpp-server-0.14-16.el6.x86_64
qpid-tools-0.14-2.el6_2.noarch

# service qpidd start
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# rpm -q cyrus-sasl-gssapi
cyrus-sasl-gssapi-2.1.23-8.el6.x86_64

# yum remove cyrus-sasl-gssapi
...

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57922  qpid-stat  1366  anonymous@QPID  0s         0s     208    263

# yum install cyrus-sasl-gssapi
...


# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# echo "mech_list: DIGEST-MD5 ANONYMOUS" >> /etc/sasl2/qpidd.conf

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57933  qpid-stat  1465  anonymous@QPID  2s         0s     208    263
Comment 1 Jeff Needle 2012-06-22 02:13:37 UTC 

*** This bug has been marked as a duplicate of bug 815482 ***
Note You need to log in before you can comment on or make changes to this bug.