You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Pavel Moravec <pm...@redhat.com> on 2011/08/04 10:47:13 UTC
Configuration of CRAM-MD5 SASL method?
Hi all,
does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following:
# cat /etc/sasl2/qpidd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
#following line stops spurious 'sql_select option missing' errors when
#cyrus-sql-sasl plugin is installed
sql_select: dummy select
mech_list: cram-md5
# qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed
connection-forced: Authentication failed
#
qpid debug has:
2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
2011-08-04 10:33:05 warning Failed to retrieve sasl username
2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available.
2011-08-04 10:33:05 debug Exception constructed: Authentication failed
2011-08-04 10:33:05 warning Failed to retrieve sasl username
The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' .
Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story).
Thanks in advance for your help.
Kind regards,
Pavel
Re: Configuration of CRAM-MD5 SASL method?
Posted by Gordon Sim <gs...@redhat.com>.
On 08/04/2011 02:15 PM, Pavel Moravec wrote:
> thanks a lot. Checking source code was the next step in my investigation here ;-)
Fixed on trunk now. Well spotted!
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Configuration of CRAM-MD5 SASL method?
Posted by Pavel Moravec <pm...@redhat.com>.
Hi Gordon,
thanks a lot. Checking source code was the next step in my investigation here ;-)
Kind regards,
Pavel
----- Original Message -----
From: "Gordon Sim" <gs...@redhat.com>
To: users@qpid.apache.org
Sent: Thursday, August 4, 2011 2:53:39 PM
Subject: Re: Configuration of CRAM-MD5 SASL method?
On 08/04/2011 09:47 AM, Pavel Moravec wrote:
> Hi all,
> does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following:
>
> # cat /etc/sasl2/qpidd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> #following line stops spurious 'sql_select option missing' errors when
> #cyrus-sql-sasl plugin is installed
> sql_select: dummy select
> mech_list: cram-md5
> # qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
> 2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed
>
> connection-forced: Authentication failed
> #
>
> qpid debug has:
>
> 2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
> 2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
> 2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
> 2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available.
> 2011-08-04 10:33:05 debug Exception constructed: Authentication failed
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
>
> The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' .
>
> Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story).
You aren't doing anything wrong, this appears to be a bug in the broker.
I have raised a JIRA (QPID-3393) and have a fix that I'll commit shortly.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Configuration of CRAM-MD5 SASL method?
Posted by Gordon Sim <gs...@redhat.com>.
On 08/04/2011 09:47 AM, Pavel Moravec wrote:
> Hi all,
> does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following:
>
> # cat /etc/sasl2/qpidd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> #following line stops spurious 'sql_select option missing' errors when
> #cyrus-sql-sasl plugin is installed
> sql_select: dummy select
> mech_list: cram-md5
> # qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
> 2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed
>
> connection-forced: Authentication failed
> #
>
> qpid debug has:
>
> 2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
> 2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
> 2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
> 2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available.
> 2011-08-04 10:33:05 debug Exception constructed: Authentication failed
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
>
> The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' .
>
> Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story).
You aren't doing anything wrong, this appears to be a bug in the broker.
I have raised a JIRA (QPID-3393) and have a fix that I'll commit shortly.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org