qpid-users mailing list archives

From Jeff Donner <jdon...@morphodetection.com>
Subject RE: Is it normal to have to turn SASL off to get qpid-config and qpid-stat to work with SSL?
Date Mon, 15 Aug 2016 21:25:28 GMT
Hi Gordon, right on all counts, thanks! 

> Can the qpidd process read the database? E.g. does running qpidd as root
> (just temporarily) resolve the issue?

yes.

> Ok, I think what you need to do is put the CN from your certificate as
> the username in the url.

> EXTERNAL is being selected (in fact no other mechanism is being
> offered), but the client is requesting an identity that doesn't match
> the certificate it has been authenticated with.

yes; works.

My C++ client doesn't work yet (the tools, e.g. qpid-config, do), but I haven't looked into my
client too much since it looks like if SSL is enabled, SASL doesn't add anything anyway.

Thanks very much!
Jeff
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Monday, August 15, 2016 1:45 AM
To: users@qpid.apache.org
Subject: Re: Is it normal to have to turn SASL off to get qpid-config and qpid-stat to work with SSL?

On 13/08/16 03:35, Jeff Donner wrote:
> #####################################################
> # Without SSL:

[...]

> -- something's wrong with my SASL setup I feel sure, it's just whiffing at authenticating.
> I moved the sasldb from its original, qpid-specific location to the system's db (reflected
> in all cases above), but that made no difference. If you have a domain associated with a username
> (jgd), you need to specify it for administrative actions which the qpid-config tool URL doesn't
> give you a way to do, but it looks like qpid-config is filling in the right value (QPID) anyway.

Can the qpidd process read the database? E.g. does running qpidd as root
(just temporarily) resolve the issue?

> I tried making the username be: jgd@QPID and jgd/QPID to compensate for the lack of domain,
> but, those failed too:

It shouldn't need that.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
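
The point made in the thread above (under EXTERNAL, the username in the URL has to match the CN of the certificate the client authenticated with) can be checked before connecting. This is an added example, not code from the original thread or from Qpid; the function names, the address grammar, the exact-match comparison on the CN, and the sample subject and host are assumptions made for illustration.

```python
import re

def _split_unescaped(s, seps):
    # Split on separator characters that are not backslash-escaped.
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" and i + 1 < len(s) else 1
        if step == 1 and s[i] in seps:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i:i + step]       # an escape pair stays together
        i += step
    return parts + [cur]

def _unescape(value):
    # Undo RFC 2253 escapes: backslash + char, or backslash + two hex digits (ASCII only).
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", lambda m: chr(int(m.group(1), 16))
                  if len(m.group(1)) == 2 else m.group(1), value)

def cn_from_subject(subject):
    # Input: output of `openssl x509 -noout -subject -nameopt RFC2253`.
    dn = re.sub(r"^subject\s*=\s*", "", subject.strip())
    for attr in _split_unescaped(dn, ",+"):
        key, _, value = attr.strip().partition("=")
        if key.strip().upper() == "CN":
            return _unescape(value.strip())
    return None

def user_from_broker_url(url):
    # Assumed address form: [scheme://][user[/password]@]host[:port]
    rest = url.split("://", 1)[-1]
    if "@" not in rest:
        return None
    return rest.rsplit("@", 1)[0].split("/", 1)[0]

def check_external_identity(subject, broker_url):
    # Returns (ok, reason): does the identity requested in the URL equal the CN?
    cn, user = cn_from_subject(subject), user_from_broker_url(broker_url)
    if cn is None:
        return False, "certificate subject has no CN"
    if user != cn:
        return False, f"URL requests {user!r} but the certificate CN is {cn!r}"
    return True, f"requested identity matches CN {cn!r}"

if __name__ == "__main__":
    subject = "subject=CN=jgd,OU=Messaging\\, Test,O=Example"   # constructed sample
    for url in ("admin/secret@broker.example.com:5671", "jgd@broker.example.com:5671"):
        print(url, "->", check_external_identity(subject, url))
```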

