Bug 974676 - python qpid client rarely refuses to correctly authenticate with qpidd server using GSSAPI [connection-forced: Authentication failed(320) - authentication failure: Requested identity not authenticated identity]
python qpid client rarely refuses to correctly authenticate with qpidd server...
Status: NEW
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: python-qpid (Show other bugs)
2.3
Unspecified Unspecified
medium Severity unspecified
: ---
: ---
Assigned To: Ernie
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-14 15:19 EDT by Frantisek Reznicek
Modified: 2015-11-15 20:17 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Frantisek Reznicek 2013-06-14 15:19:32 EDT
Description of problem:

Python qpid client rarely refuses to correctly authenticate with qpidd server using GSSAPI [connection-forced: Authentication failed(320) - authentication failure: Requested identity not authenticated identity]:

There are observations that both qpid python clients (low level client, high level client) are rarely failing client-server authentication following way:
Traceback (most recent call last):
  File "/mnt/tests/distribution/MRG/Messaging/qpid_common/clients/python/qc2_spout.py", line 222, in ?
    conn.open()
  File "<string>", line 6, in open
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 256, in open
    self.attach()
  File "<string>", line 6, in attach
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 274, in attach
    self._ewait(lambda: self._transport_connected and not self._unlinked())
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 209, in _ewait
    self.check_error()
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 202, in check_error
    raise self.error
qpid.messaging.exceptions.ConnectionError: connection-forced: Authentication failed(320)
ecode:1

broker log appears to show:
2013-06-14 11:17:34 [System] debug RECV [10.16.64.214:35754-10.16.64.214:43388]: INIT(0-10)
2013-06-14 11:17:34 [Security] debug External ssf=0 and auth=
2013-06-14 11:17:34 [Security] debug min_ssf: 0, max_ssf: 256, external_ssf: 0
2013-06-14 11:17:34 [Security] info SASL: Mechanism list: GSSAPI PLAIN LOGIN ANONYMOUS
2013-06-14 11:17:34 [Broker] debug LinkRegistry::notifyConnection(); key=10.16.64.214:35754-10.16.64.214:43388
2013-06-14 11:17:34 [Management] debug Management object (V1) added: org.apache.qpid.broker:connection:10.16.64.214:35754-10.16.64.214:43388
2013-06-14 11:17:34 [Security] info SASL: Starting authentication with mechanism: GSSAPI
2013-06-14 11:17:34 [Security] debug SASL: sending challenge to client
2013-06-14 11:17:34 [Security] debug SASL: sending challenge to client
2013-06-14 11:17:34 [Security] info SASL: Authentication failed for nIK6mBQg47FbeSNt3saqYa2qvI7Xk1KsOvb:SASL(-13): authentication failure: Requested identity not authenticated identity
2013-06-14 11:17:34 [System] debug Exception constructed: Authentication failed
2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientConnectFail
2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientConnectFail
2013-06-14 11:17:34 [Model] debug Failed connection. rhost:10.16.64.214:35754-10.16.64.214:43388 user:nIK6mBQg47FbeSNt3saqYa2qvI7Xk1KsOvb reason:SASL(-13): authentication failure: Requested identity not authenticated identity
2013-06-14 11:17:34 [System] debug DISCONNECTED [10.16.64.214:35754-10.16.64.214:43388]
2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientDisconnect
2013-06-14 11:17:34 [Management] debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientDisconnect
2013-06-14 11:17:34 [Model] debug Delete connection. user: rhost:10.16.64.214:35754-10.16.64.214:43388

Testing script uses multiple clients in a batch.
Results are showing that just fractional amount of python client authenticating cases are failing.
Just python client is failing, others (c++, ruby, java) are passing.

These facts lead to current conclusion that it is just problem of python client with very low reproducibility.


Version-Release number of selected component (if applicable):
qpid-0.18

How reproducible:
<1%

Steps to Reproduce:
0. perform in loop qpid_ptest_authentication_krb5 test
or following steps   
1. set-up kerberos infrastructure
2. kinit
3. run client[s], expect PASS
4. kdestroy
5. run client[s], expect FAIL
6. kinit
7. run client[s], expect PASS
8. loop steps 2-7.

Actual results:
Python qpid client fails to authenticate using GSSAPI auth. method in situation when success is expected.

Expected results:
Python qpid client should not fail authenticate in above cases.

Note You need to log in before you can comment on or make changes to this bug.