You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Garrett Smith <g...@rrett.us.com> on 2009/04/29 04:43:19 UTC

Authentication woes - C++ broker, Python client

I'm running into this error when I try to start a connection, which is
configured with what I believe to be a valid username and password:

 connection failed (320, u'connection-forced: Authentication failed')

I'm using the default guest/guest account. Here's what I'm seeing in the
broker log (trace enabled):

  info SASL: Starting authentication with mechanism: PLAIN
  info SASL: Authentication failed: SASL(-13): user not found: Password
  verification failed

I've verified that the guest account exists using "sasldblistusers2 -f 
/var/lib/qpidd/qpidd.sasldb". The output:

  guest@QPID: userPassword

I've tried this with new user accounts and different realms (specifying
--realm for qpidd as applicable). Same result.

There no indication in the trace log which SASL db is being used. The
contents of /etc/sasl2/qpidd.conf:

  mech_list: plain anonymous
  pwcheck_method: auxprop
  auxprop_plugin: sasldb
  sasldb_path: /var/lib/qpidd/qpidd.sasldb

If I comment out all of those lines, the output from qpidd (trace) is
exactly the same. So, I'm a bit confused as to how qpidd is getting its
information about SASL.

How can I explicitly tell qpidd where to find the SASL config?

Should the trace output contain details about which SASL confi it's
using? The only SASL related log output at startup is:

  info SASL enabled

That's a comforting fact, but then what? :)

Thanks for any help!

Garrett

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Authentication woes - C++ broker, Python client

Posted by Ted Ross <tr...@redhat.com>.

Garrett Smith wrote:
> I'm running into this error when I try to start a connection, which is
> configured with what I believe to be a valid username and password:
>
>  connection failed (320, u'connection-forced: Authentication failed')
>
> I'm using the default guest/guest account. Here's what I'm seeing in the
> broker log (trace enabled):
>
>   info SASL: Starting authentication with mechanism: PLAIN
>   info SASL: Authentication failed: SASL(-13): user not found: Password
>   verification failed
>
> I've verified that the guest account exists using "sasldblistusers2 -f 
> /var/lib/qpidd/qpidd.sasldb". The output:
>
>   guest@QPID: userPassword
>
> I've tried this with new user accounts and different realms (specifying
> --realm for qpidd as applicable). Same result.
>
> There no indication in the trace log which SASL db is being used. The
> contents of /etc/sasl2/qpidd.conf:
>
>   mech_list: plain anonymous
>   pwcheck_method: auxprop
>   auxprop_plugin: sasldb
>   sasldb_path: /var/lib/qpidd/qpidd.sasldb
>
> If I comment out all of those lines, the output from qpidd (trace) is
> exactly the same. So, I'm a bit confused as to how qpidd is getting its
> information about SASL.
>
> How can I explicitly tell qpidd where to find the SASL config?
>
> Should the trace output contain details about which SASL confi it's
> using? The only SASL related log output at startup is:
>
>   info SASL enabled
>
> That's a comforting fact, but then what? :)
>
> Thanks for any help!
>
> Garrett
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>   
Garrett,

Please check to make sure that the sasl files (/etc/sasl2/qpidd.conf and 
/var/lib/qpidd/qpidd.sasldb) are readable by the user that is running 
the qpidd process.

-Ted


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Authentication woes - C++ broker, Python client

Posted by Joshua Kramer <jo...@globalherald.net>.

Garrett Smith wrote:
> I'm running into this error when I try to start a connection, which is
> configured with what I believe to be a valid username and password
>   
Hello Garrett,

Have you tried creating a user account in the noted sasldb?  For 
example, testuser1@QPID with the password testuser1 - and do not supply 
a 'realm' option on the command line when starting qpidd.  Then, use 
that username / password in your Python script.  From what you have 
noted, it seems that you have covered all of your bases.

Let me know if that works.

Cheers,
-JK

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org