qpid-users mailing list archives

From Fraser Adams <fraser.ad...@blueyonder.co.uk>
Subject Authentication newbie help sought - I'm afraid I'm failing at the first hurdle :-(
Date Tue, 04 Oct 2011 18:47:20 GMT
Hi all,
I thought I'd have an initial play with authentication, but I'm afraid 
that I seem to be failing at the first hurdle.

So what I've done so far is:

I knew that there are potential issues with permissions with the 
qpidd.sasldb so my first step was to copy etc/sasl2/qpidd.conf and 
qpidd.sasldb to my home directory (just to make things easier while I'm 
playing). I modified qpidd.conf with
sasldb_path: /home/fadams/qpidd.sasldb

I checked
sasldblistusers2 -f /home/fadams/qpidd.sasldb
and got (as expected)
guest@QPID: userPassword

and was able to add other users using
saslpasswd2 -f /home/fadams/qpidd.sasldb -u QPID fadams

So I started qpidd as myself with:
qpidd --sasl-config /home/fadams/qpidd.conf -t

And in the trace I got:
2011-10-04 18:57:59 info SASL: config path set to /home/fadams/qpidd.conf
2011-10-04 18:57:59 info SASL enabled
2011-10-04 18:57:59 notice Listening on TCP port 5672
2011-10-04 18:57:59 info Policy file not specified. ACL Disabled, no ACL checking being done!
2011-10-04 18:57:59 notice Broker running
2011-10-04 18:58:04 debug RECV [127.0.0.1:5672-127.0.0.1:35444] INIT(0-10)
2011-10-04 18:58:04 debug External ssf=0 and auth=
2011-10-04 18:58:04 debug min_ssf: 0, max_ssf: 256, external_ssf: 0
2011-10-04 18:58:04 info SASL: Mechanism list: NTLM CRAM-MD5 LOGIN DIGEST-MD5 ANONYMOUS PLAIN

Which looked OK to me.

However I then tried to connect with a Java consumer using a fairly 
basic connection URL

connectionfactory.ConnectionFactory = amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'

Which failed with "session creation failed"

And a broker trace of:

2011-10-04 18:58:04 trace SENT [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(04cb2a36-ccaa-4762-9e9a-56329c267085)}; mechanisms=str16{V2:4:str16(NTLM), V2:8:str16(CRAM-MD5), V2:5:str16(LOGIN), V2:10:str16(DIGEST-MD5), V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)}; locales=str16{V2:5:str16(en_US)}; }]
2011-10-04 18:58:04 trace RECV [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={clientName:V2:8:str16(clientid),qpid.client_pid:F4:int32(7032),qpid.client_process:V2:16:str16(Qpid Java Client),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN; response=xxxxxx; }]
2011-10-04 18:58:04 debug SASL: Starting authentication with mechanism: PLAIN
2011-10-04 18:58:04 info SASL: Authentication failed for guest@QPID:SASL(-13): user not found: Password verification failed
2011-10-04 18:58:04 debug Exception constructed: Authentication failed
2011-10-04 18:58:04 debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientConnectFail
2011-10-04 18:58:04 debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientConnectFail
2011-10-04 18:58:04 trace SENT [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; reply-text=connection-forced: Authentication failed; }]
2011-10-04 18:58:04 trace RECV [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionCloseOkBody: }]
2011-10-04 18:58:04 debug DISCONNECTED [127.0.0.1:5672-127.0.0.1:35444]


I also tried explicitly setting the realm using:
qpidd --sasl-config /home/fadams/qpidd.conf --realm QPID -t

but that was equally unsuccessful.

Finally as much out of desperation as anything I tried:
sudo qpidd -t

which clearly should have picked up the default stuff in the default 
qpidd.sasldb locations and clearly would have the correct read 
permissions. Again I got:

2011-10-04 19:41:59 info SASL: Authentication failed for guest@QPID:SASL(-13): user not found: Password verification failed



I'd be really grateful if someone who knows about this stuff could 
suggest what I've done wrong. I can't see why I should be getting "user 
not found" with a fairly vanilla set up.

MTIA
Frase

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

