This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 834390 - Regression: out of the box qpidd & clients generate gssapi auth errors
Regression: out of the box qpidd & clients generate gssapi auth errors
Status: CLOSED DUPLICATE of bug 815482
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
2.1.2
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: messaging-bugs
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-21 14:27 EDT by Matthew Farrellee
Modified: 2012-06-21 22:13 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-21 22:13:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Matthew Farrellee 2012-06-21 14:27:01 EDT
qpidd & clients out of the box try to use the GSSAPI SASL mechanism when proper credentials are not available.

(non-qpid-tools clients also suffer this if cyrus-sasl-gssapi is installed, which appears to be the case in a base EL install. seen via c++, ruby and python qmf clients & agents)


From a fresh EL6.1 system (MRG AMI tested, ami-39f73850) -

# yum install qpid-cpp-server qpid-tools
...

# rpm -q qpid-cpp-server qpid-tools
qpid-cpp-server-0.14-16.el6.x86_64
qpid-tools-0.14-2.el6_2.noarch

# service qpidd start
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# rpm -q cyrus-sasl-gssapi
cyrus-sasl-gssapi-2.1.23-8.el6.x86_64

# yum remove cyrus-sasl-gssapi
...

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57922  qpid-stat  1366  anonymous@QPID  0s         0s     208    263

# yum install cyrus-sasl-gssapi
...


# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# echo "mech_list: DIGEST-MD5 ANONYMOUS" >> /etc/sasl2/qpidd.conf

# qpid-stat -c
Failed: ConnectionFailed - (None, "SASL error: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)")

# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]

# qpid-stat -c
Connections
  client-addr                     cproc      cpid  auth            connected  idle  msgIn  msgOut
  =================================================================================================
  127.0.0.1:5672-127.0.0.1:57933  qpid-stat  1465  anonymous@QPID  2s         0s     208    263
Comment 1 Jeff Needle 2012-06-21 22:13:37 EDT

*** This bug has been marked as a duplicate of bug 815482 ***

Note You need to log in before you can comment on or make changes to this bug.