Using Proton/Messenger with SASL

[dylan25 <db...@gmail.com>]

Hello,

I'm currently incorporating SASL authentication functionality into my
messaging client, and testing it with RabbitMQ (using the AMQP 1.0 plugin).
I am formatting my URIs as follows using this scheme:
"amqp://user:pass@127.0.0.1:5672/exchange/topic". I am able to use
"amqp://127.0.0.1:5672/exchange/topic" to connect as the default user
(guest), although I am unable to specify a username and password. When I do
specify a username and password, I get the following error using PN_TRACE:

[0x19ebbb0]:  -> SASL
[0x19ebbb0]:  <- SASL
[0x19ebbb0]:0 <- @sasl-mechanisms(64)
[sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN, :AMQPLAIN]]
[0x19ebbb0]:sasl error: SASL(-4): no mechanism available: No worthy mechs
found
[0x19ebbb0]:  <- EOS
[0x19ebbb0]:  <- EOS
[0x19ebbb0]:  -> EOS

It almost appears as if my client isn't successfully negotiating a SASL
authentication mechanism with the server. Does this sound right? My server
is configured to authenticate using ANONYMOUS, PLAIN or AMQPLAIN; although
there doesn't appear to be a function call in the Messenger API to set
authentication mechanisms.

Thank you in advance for your help,
Dylan



--
View this message in context: http://qpid.2158936.n2.nabble.com/Using-Proton-Messenger-with-SASL-tp7627962.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: Using Proton/Messenger with SASL

[dylan25 <db...@gmail.com>]

I was using Proton 0.9, although I was able to get SASL to work when I
switched to 0.9.1-rc1. Thank you for your help, Gordon!



--
View this message in context: http://qpid.2158936.n2.nabble.com/Using-Proton-Messenger-with-SASL-tp7627962p7628105.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: Using Proton/Messenger with SASL

[Gordon Sim <gs...@redhat.com>]

On 07/09/2015 09:03 PM, dylan25 wrote:
> Hello,
>
> I'm currently incorporating SASL authentication functionality into my
> messaging client, and testing it with RabbitMQ (using the AMQP 1.0 plugin).
> I am formatting my URIs as follows using this scheme:
> "amqp://user:pass@127.0.0.1:5672/exchange/topic". I am able to use
> "amqp://127.0.0.1:5672/exchange/topic" to connect as the default user
> (guest), although I am unable to specify a username and password. When I do
> specify a username and password, I get the following error using PN_TRACE:
>
> [0x19ebbb0]:  -> SASL
> [0x19ebbb0]:  <- SASL
> [0x19ebbb0]:0 <- @sasl-mechanisms(64)
> [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN, :AMQPLAIN]]
> [0x19ebbb0]:sasl error: SASL(-4): no mechanism available: No worthy mechs
> found
> [0x19ebbb0]:  <- EOS
> [0x19ebbb0]:  <- EOS
> [0x19ebbb0]:  -> EOS
>
> It almost appears as if my client isn't successfully negotiating a SASL
> authentication mechanism with the server. Does this sound right? My server
> is configured to authenticate using ANONYMOUS, PLAIN or AMQPLAIN; although
> there doesn't appear to be a function call in the Messenger API to set
> authentication mechanisms.

What version of proton are you using?

(From the error message it looks as if it may include the cyrus-sasl 
support introduced in the pending but as yet unreleased 0.10, and that 
the client is not willing/able to use either ANONYMOUS or PLAIN. Do you 
have the libplain.so module for cyrus if this is the case?)


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org