qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davide Anastasia" <Davide.Anasta...@qualitycapital.com>
Subject RE: Setting up Kerberos security
Date Thu, 09 Aug 2012 16:55:22 GMT
Hi,
I'm using the C++ messaging API to connect to the broker. cyrus-sasl is
available.
After changing /etc/sasl2/qpidd.conf, I receive this error:

2012-08-09 17:55:20 warning Closing connection due to internal-error:
Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Server
krbtgt/COM@EXAMPLE.COM not found in Kerberos database)
(qpid/SaslFactory.cpp:280)
unknown file: Failure
C++ exception with description "internal-error: Sasl error: SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may
provide more information (Server krbtgt/COM@EXAMPLE.COM not found in
Kerberos database) (qpid/SaslFactory.cpp:280)" thrown in the test body.

Best,
Davide

-----Original Message-----
From: Gordon Sim [mailto:gsim@redhat.com] 
Sent: 09 August 2012 15:40
To: users@qpid.apache.org
Subject: Re: Setting up Kerberos security

On 08/09/2012 02:52 PM, Davide Anastasia wrote:
> Hi Gordon,
> I'm using the C++ broker, v. 0.14, the one shipped with RHEL6.
> I have used the guide in your page to set up the Kerberos server, 
> without success.

Ok, and what client(s) are you using to connect?

> How can I explicitly require GSSAPI as the mechanism?

You can either explicitly limit the broker to only support that one
mechanism by editing the 'mech_list' option in /etc/sasl2/qpidd.conf,
e.g.

mech_list: GSSAPI

Alternatively, you can specify through the client options which
mechanism you want to use (the broker must also support it)

> How can I change
> it in the /etc/sasl2/qpidd.conf file?

As above, just edit the mech_list. Make sure if specified that it
includes GSSAPI (if not specified at all it will allow all mechanisms
for which plugins are installed).

> I'm just checking whether the
> cyrus-sasl is available.

Try rpm -qv cyrus-sasl-gssapi.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional
commands, e-mail: users-help@qpid.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message