activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-6055) SASL PLAIN auth with AMQP doesn't take authzid into account
Date Fri, 20 Nov 2015 21:19:11 GMT

    [ https://issues.apache.org/jira/browse/AMQ-6055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018820#comment-15018820
] 

ASF subversion and git services commented on AMQ-6055:
------------------------------------------------------

Commit 451344486be8d82a2a9cde093fedf0737104ab83 in activemq's branch refs/heads/activemq-5.12.x
from [~tabish121]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=4513444 ]

https://issues.apache.org/jira/browse/AMQ-6055

Account for Authzid in SASL PLAIN mechanism and provide a means to fail
the authorization if the challenge response is invalid.  Update the
client to properly exclude sasl mechanism that don't apply to it's
configured credentials such as using only ANONYMOUS when no user or
password is set.
(cherry picked from commit b5dd0a16f4197cfab086b3139892a73b27c8ac74)


> SASL PLAIN auth with AMQP doesn't take authzid into account
> -----------------------------------------------------------
>
>                 Key: AMQ-6055
>                 URL: https://issues.apache.org/jira/browse/AMQ-6055
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: AMQP, Broker, jaas
>    Affects Versions: 5.12.1
>         Environment: # lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:    Ubuntu 14.04.3 LTS
> Release:        14.04
> Codename:       trusty
> # uname -a
> Linux esb-test-mq01 3.13.0-67-generic #110-Ubuntu SMP Fri Oct 23 13:24:41 UTC 2015 x86_64
x86_64 x86_64 GNU/Linux
>            Reporter: Simon Lundstrom
>            Priority: Blocker
>             Fix For: 5.13.0, 5.12.2
>
>
> SASL PLAIN authentication with AMQP doesn't take authzid into account and fails authentication
when it's fully legal in SASL PLAIN.
> See [PROTON-1055] for a more detailed description including debug logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message