From dev-return-98351-archive-asf-public=cust-asf.ponee.io@qpid.apache.org Thu Oct 24 22:58:02 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 5E83F180660 for ; Fri, 25 Oct 2019 00:58:02 +0200 (CEST) Received: (qmail 87711 invoked by uid 500); 24 Oct 2019 22:58:01 -0000 Mailing-List: contact dev-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list dev@qpid.apache.org Received: (qmail 87613 invoked by uid 99); 24 Oct 2019 22:58:01 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Oct 2019 22:58:01 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id B01C6E30CD for ; Thu, 24 Oct 2019 22:58:00 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 3206B7806B8 for ; Thu, 24 Oct 2019 22:58:00 +0000 (UTC) Date: Thu, 24 Oct 2019 22:58:00 +0000 (UTC) From: =?utf-8?Q?Jiri_Dan=C4=9Bk_=28Jira=29?= To: dev@qpid.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (PROTON-2124) Disable GS2-KRB5 and GS2-IAKERB SASL mechanisms if they are not explicitly enabled MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/PROTON-2124?page=3Dcom.atlassi= an.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiri Dan=C4=9Bk resolved PROTON-2124. -------------------------------- Resolution: Fixed > Disable GS2-KRB5 and GS2-IAKERB SASL mechanisms if they are not explicitl= y enabled > -------------------------------------------------------------------------= --------- > > Key: PROTON-2124 > URL: https://issues.apache.org/jira/browse/PROTON-2124 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c > Reporter: Jiri Dan=C4=9Bk > Assignee: Jiri Dan=C4=9Bk > Priority: Major > Labels: release-notes, sasl, usability > Fix For: proton-c-0.30.0 > > > I've noticed two additional kerberos sasl mechanisms that aren't blacklis= ted > bq. [0xb80670]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=3D@PN_SY= MBOL[:"GS2-IAKERB", :"GS2-KRB5", :"SCRAM-SHA-1", :"SCRAM-SHA-256", :GSSAPI,= :"GSS-SPNEGO", :"DIGEST-MD5", :OTP, :"CRAM-MD5", :ANONYMOUS]] > They are GS2-IAKERB and GS2-KRB5. The GS2-KRB5 is the problematic one, al= lowing GS2-IAKERB does not stop proton from trying ANONYMOUS=C2=A0eventuall= y. > When GS2-KRB5 is enabled, I get this failure instead (in ctest tests, tes= t 23, or when connecting {{sender}} example to {{broker}} example) > bq. 23: amqp:unauthorized-access: SASL(-1): generic failure: GS2 Error: U= nspecified GSS failure. Minor code may provide more information (Ticket ex= pired) (Authentication failed [mech=3Dnone]) > I think those must be new.=C2=A0They appear on macOS, or if I install all= cyrus-sasl packages on RHEL 7.7 or RHEL 8.1. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org For additional commands, e-mail: dev-help@qpid.apache.org