qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Unable to Setup SSL between Java Client and C++ broker
Date Wed, 05 Sep 2012 06:56:56 GMT
On 09/04/2012 10:44 AM, maverick_muguda wrote:
> Thanks Robbie. Your suggestion fixed that problem.
>
>   When i rearranged the order of arguments, to the prescribed order, i am
> running into an Authentication failed message.
>
> the same  connection URL (without the ssl='true') used to work fine. why
> does the same thing fail once i enabled SSL?
>
> I see this error message in the broker's console output:
>
> "
> 2012-09-04 08:03:58 warning Failed to retrieve sasl username
> "
>
> Now if i turn on authentication by updating the qpidd.conf file(auth=yes),
> the above mentioned message disappears, but the client side error remains.

The message above should only be logged if authentication is on. If it 
*is* on, then an authentication failure is expected for guest/guest if 
that account hasn't been created.

[...]

> Do i need to turn on authentication to get SSL working?

No

> Eitherway i am
> running into the same error, how to fix that.
>
>
> I also find that the /var/lib/qpidd/qpidd.sasldb file missing, nor am able
> to add users though "sasldblistusers2" command, as per the documentation at
> https://qpid.apache.org/books/0.10/AMQP-Messaging-Broker-CPP-Book/html/ch01s05.html
> security-howto  "The SASL database is installed at
> /var/lib/qpidd/qpidd.sasldb; initially, it has one user named guest in the
> QPID realm, and the password for this user is guest. "

I believe that documentation is now out of date, and a dummy database 
with a default guest user account is no longer created as part of the 
installation.

> Is this a bug? should i create this file manually? Can i create the file by
> "touch"ing or is there a different way of creating it?

You can create it by adding a user with saslpasswd2. However you don't 
*need* to turn on authentication to use SSL.

What does your /etc/qpidd.conf have in it? And what are the full set of 
command line arguments you are starting your broker with?

Can you turn on tracing on the broker then re-run the example? That may 
shed some light on what is wrong.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message