You are viewing a plain text version of this content. The canonical link for it is here.

Posted to proton@qpid.apache.org by Andreas Welchlin <an...@welchlin.de> on 2014/02/03 19:06:41 UTC

SASL Authorization fails

Hi All,

I tried to connect to Qpid using SASL authorization. Unfortunately I had 
no success. And I am missing a step by step example.

I am running the c++ broker on a linux machine (fedora). And I want to 
connect via JMS from a Windows machine.

Let's say I want do create a user:

Username: tom
Password: ttt
Name of SASL realm: QPID

So I change /etc/qpid/qpidd.conf:
auth=yes
realm=QPID

And I create a user in SASL:

saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID tom
Password: ttt
Again (for verification): ttt

The connection string in my JMS application is:
connectionfactory.qpidConnectionfactory = 
amqp://tom:ttt@clientId/?brokerlist='tcp://192.168.0.102:5672'


When I try to connect I get the message:
Unable to connect to broker at tcp://192.168.0.102:5672
org.apache.qpid.AMQException: Cannot connect to broker: 
connection-forced: Authentication failed [error code 320: connection forced]


Please could someone enlighten me. What is wrong with my configuration?

Regards,
Andreas

Re: SASL Authorization fails

Posted by Andreas Welchlin <an...@welchlin.de>.

I sent the mail a bit too fast and can give the anwer myself.

There were two problems:
1st: I had to chown the sasl database to qpid:qpid
2nd: The user must not be tom but tom@QPID.

It works, now!

So the correct step by step howto is:
--------------------------------------------------------------------------------
I want do create a user:

Username: tom
Password: ttt
Name of SASL realm: QPID

So I change /etc/qpid/qpidd.conf:
auth=yes
realm=QPID

And I create a user in SASL:

saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID tom@QPID
Password: ttt
Again (for verification): ttt

I change the owner of the SASL database to qpidd:
chown qpidd:qpidd /var/lib/qpidd/qpidd.sasldb


The connection string in my JMS application is:
connectionfactory.qpidConnectionfactory = 
amqp://tom:ttt@clientId/?brokerlist='tcp://192.168.0.102:5672'
--------------------------------------------------------------------------------



Regards,
Andreas




Am 03.02.2014 19:06, schrieb Andreas Welchlin:
> Hi All,
>
> I tried to connect to Qpid using SASL authorization. Unfortunately I 
> had no success. And I am missing a step by step example.
>
> I am running the c++ broker on a linux machine (fedora). And I want to 
> connect via JMS from a Windows machine.
>
> Let's say I want do create a user:
>
> Username: tom
> Password: ttt
> Name of SASL realm: QPID
>
> So I change /etc/qpid/qpidd.conf:
> auth=yes
> realm=QPID
>
> And I create a user in SASL:
>
> saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID tom
> Password: ttt
> Again (for verification): ttt
>
> The connection string in my JMS application is:
> connectionfactory.qpidConnectionfactory = 
> amqp://tom:ttt@clientId/?brokerlist='tcp://192.168.0.102:5672'
>
>
> When I try to connect I get the message:
> Unable to connect to broker at tcp://192.168.0.102:5672
> org.apache.qpid.AMQException: Cannot connect to broker: 
> connection-forced: Authentication failed [error code 320: connection 
> forced]
>
>
> Please could someone enlighten me. What is wrong with my configuration?
>
> Regards,
> Andreas
>
>
>