qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Donner <jdon...@morphodetection.com>
Subject Is it normal to have to turn SASL off to get qpid-config and qpid-stat to work with SSL?
Date Fri, 12 Aug 2016 03:39:41 GMT
Hi -- the only way I can get the tools qpid-config and qpid-stat to talk to qpidd (the broker)
is to turn off SASL, which I do with

  qpidd --auth=no (.. other flags)

Is it advisable / ok to do that, if you otherwise have a good, SSL dual-authentication certificate
exchange working?
I've tried with SASL on, and using both --sasl-mechanism=PLAIN and --sasl-mechanism=EXTERNAL,
with no success.

I can leave SASL on and get the same cross-authentication going from a simple C++ client (which
uses EXTERNAL).

Is this known about the tools - or is there something I'm missing? I've tried the tools both
with the fully-(SASL)qualified url, eg: --broker=amqps://admin/morpho@localhost:5671 and without,
and variations. And had the database set up I believe properly, too:

# passwords both 'morpho'
  qpidd$ sudo sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
  qpid-admin@QPID: userPassword
  admin@QPID: userPassword

# system SASL + qpidd points to the above db
sasl2$ less /etc/sasl2/qpidd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN

I'm happy not to use SASL, I just wonder whether I've missed something.

Thanks,
Jeff


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message