qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davide Anastasia <Davide.Anasta...@qualitycapital.com>
Subject RE: Setting up Kerberos security
Date Mon, 11 Mar 2013 10:38:19 GMT
Hi Gordon,
I bring up again this topic because I am already struggling to enable Kerberos security in
Qpid.
Just to summarize, I am on CentOS 6.3 with Qpid 0.14. Nothing has been installed from sources,
so it should be pretty much like RHEL.
	
I have disabled SELinux on this box and I am using QPID as realm.
The file attached is what I am using to connect to/test the broker.

Calling my tool gives me this:

2013-03-11 10:32:44 warning Closing connection due to internal-error: Sasl error: SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information
(Credentials cache file '/tmp/krb5cc_526' not found) (qpid/SaslFactory.cpp:280)
qpid::messaging::ConnectionError
Error: internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_526'
not found) (qpid/SaslFactory.cpp:280)

Of course, I can do kinit:

-bash-4.1$ kinit
Password for davide@QPID: 
-bash-4.1$

...which seems to work!

If I call again my tool, I get a slightly different error:

2013-03-11 10:34:25 warning Closing connection due to internal-error: Sasl error: SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information
(Server krbtgt/LOCALDOMAIN@QPID not found in Kerberos database) (qpid/SaslFactory.cpp:280)
qpid::messaging::ConnectionError
Error: internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Server krbtgt/LOCALDOMAIN@QPID not found
in Kerberos database) (qpid/SaslFactory.cpp:280)


I am not sure what I should blame (my tool, the broker configuration, kerberos configuration?),
so I am a bit stuck with this problem and I am not sure what I should look for on the internet.

I look forward to hearing from you. Any hint will be of great help.
Thanks,
Davide


-----Original Message-----
From: Gordon Sim [mailto:gsim@redhat.com] 
Sent: 14 August 2012 17:16
To: users@qpid.apache.org
Subject: Re: Setting up Kerberos security

On 08/14/2012 03:03 PM, Davide Anastasia wrote:
> I've created the keytab file as specified in the Qpid user manual [1] 
> and I have set the environment variable as well.

What about the realm? Have you set that? (Previous error message looked like you were using
EXAMPLE.COM?)

> However, I haven't figured out a way to understand where the broker is 
> actually looking for this file.

The krb5.conf file points to various logs that may help (the kdc may actually be another box
of course, but the log there is very useful).



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message