You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Pavel Moravec <pm...@redhat.com> on 2011/08/04 10:47:13 UTC

Configuration of CRAM-MD5 SASL method?

Hi all, 
does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following: 

# cat /etc/sasl2/qpidd.conf 
pwcheck_method: auxprop 
auxprop_plugin: sasldb 
sasldb_path: /var/lib/qpidd/qpidd.sasldb 

#following line stops spurious 'sql_select option missing' errors when 
#cyrus-sql-sasl plugin is installed 
sql_select: dummy select 
mech_list: cram-md5 
# qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5 
2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed 

connection-forced: Authentication failed 
# 

qpid debug has: 

2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5 
2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123 
2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5 
2011-08-04 10:33:05 warning Failed to retrieve sasl username 
2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available. 
2011-08-04 10:33:05 debug Exception constructed: Authentication failed 
2011-08-04 10:33:05 warning Failed to retrieve sasl username 

The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' . 

Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story). 

Thanks in advance for your help. 

Kind regards, 
Pavel

Re: Configuration of CRAM-MD5 SASL method?

Posted by Gordon Sim <gs...@redhat.com>.

On 08/04/2011 02:15 PM, Pavel Moravec wrote:
> thanks a lot. Checking source code was the next step in my investigation here ;-)

Fixed on trunk now. Well spotted!

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Configuration of CRAM-MD5 SASL method?

Posted by Pavel Moravec <pm...@redhat.com>.

Hi Gordon,
thanks a lot. Checking source code was the next step in my investigation here ;-)

Kind regards,
Pavel


----- Original Message -----
From: "Gordon Sim" <gs...@redhat.com>
To: users@qpid.apache.org
Sent: Thursday, August 4, 2011 2:53:39 PM
Subject: Re: Configuration of CRAM-MD5 SASL method?

On 08/04/2011 09:47 AM, Pavel Moravec wrote:
> Hi all,
> does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following:
>
> # cat /etc/sasl2/qpidd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> #following line stops spurious 'sql_select option missing' errors when
> #cyrus-sql-sasl plugin is installed
> sql_select: dummy select
> mech_list: cram-md5
> # qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
> 2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed
>
> connection-forced: Authentication failed
> #
>
> qpid debug has:
>
> 2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
> 2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
> 2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
> 2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available.
> 2011-08-04 10:33:05 debug Exception constructed: Authentication failed
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
>
> The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' .
>
> Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story).

You aren't doing anything wrong, this appears to be a bug in the broker. 
I have raised a JIRA (QPID-3393) and have a fix that I'll commit shortly.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Configuration of CRAM-MD5 SASL method?

Posted by Gordon Sim <gs...@redhat.com>.

On 08/04/2011 09:47 AM, Pavel Moravec wrote:
> Hi all,
> does somebody know how to configure CRAM-MD5 SASL authentication method? I tried the following:
>
> # cat /etc/sasl2/qpidd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> #following line stops spurious 'sql_select option missing' errors when
> #cyrus-sql-sasl plugin is installed
> sql_select: dummy select
> mech_list: cram-md5
> # qpid-perftest --count 100 --username guest --password guest --mechanism CRAM-MD5
> 2011-08-04 10:34:49 warning Broker closed connection: 320, connection-forced: Authentication failed
>
> connection-forced: Authentication failed
> #
>
> qpid debug has:
>
> 2011-08-04 10:33:05 info SASL: Mechanism list: CRAM-MD5
> 2011-08-04 10:33:05 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:54123
> 2011-08-04 10:33:05 debug SASL: Starting authentication with mechanism: CRAM-MD5
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
> 2011-08-04 10:33:05 info SASL: Authentication failed (no username available):SASL(-6): can't request info until later in exchange: Information that was requested is not yet available.
> 2011-08-04 10:33:05 debug Exception constructed: Authentication failed
> 2011-08-04 10:33:05 warning Failed to retrieve sasl username
>
> The same (error 320 and SASL(-6)) I received when using Java HelloWorld program specifying sasl_mechs='CRAM-MD5' .
>
> Any suggestions what do I wrong? As when I replace "CRAM-MD5" by "DIGEST-MD5" in sasl config file and perftest command line, the authentication passes.. (well, it does not in Java HelloWorld program, but that is another story).

You aren't doing anything wrong, this appears to be a bug in the broker. 
I have raised a JIRA (QPID-3393) and have a fix that I'll commit shortly.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org