qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pavel Moravec <pmora...@redhat.com>
Subject Re: Configuration of CRAM-MD5 SASL method?
Date Thu, 04 Aug 2011 13:15:25 GMT
Hi Gordon,
thanks a lot. Checking source code was the next step in my investigation here ;-)

Kind regards,
Pavel


----- Original Message -----
From: "Gordon Sim" <gsim@redhat.com>
To: users@qpid.apache.org
Sent: Thursday, August 4, 2011 2:53:39 PM
Subject: Re: Configuration of CRAM-MD5 SASL method?

On 08/04/2011 09:47 AM, Pavel Moravec wrote:
> Hi all,
> does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the
following:
>
> # cat /etc/sasl2/qpidd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> #following line stops spurious 'sql_select option missing' errors when
> #cyrus-sql-sasl plugin is installed
> sql_select: dummy select
> mech_list: cram-md5
> # qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
> 2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication
failed
>
> connection-forced: Authentication failed
> #
>
> qpid debug has:
>
> 2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
> 2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
> 2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
> 2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6):
can't request info until later in exchange: Information that was requested is not yet available.
> 2011-08-04 10:33:05 debug Exception constructed: Authentication failed
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
>
> The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying
sasl_mechs='CRAM-MD5' .
>
> Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl
config file and perftest command line, the authentication passes.. (well, it does not in Java
HelloWorld program, but that is another story).

You aren't doing anything wrong, this appears to be a bug in the broker. 
I have raised a JIRA (QPID-3393) and have a fix that I'll commit shortly.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Mime
View raw message