[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups

Wed, 12 May 2010 07:25:05 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866580#action_12866580
 ] 

Rajith Attapattu commented on QPID-2600:
----------------------------------------

Thx good catch !

 "user = userna...@domain[/realm]]" should be changed to user = <name> [ 
/<domain> [ @<realm> ] ] 

However currently the c++ broker doesn't treat the '@' as optional as we do 
have the concept of a domain.
I know the Java broker doesn't, as it doesn't support GSSAPI etc..
I could probably default to the default-broker-realm if nothing is specified, 
rather than flag it as an error.

The website documentation needs a bit of work for sure :)

We are moving the ACL documentation from the wiki to the new doc book format 
kept in svn.
So going forward we can keep them in sync a bit more easily.

> ACL policy doesn't permit certain characters in usernames added to groups
> -------------------------------------------------------------------------
>
>                 Key: QPID-2600
>                 URL: https://issues.apache.org/jira/browse/QPID-2600
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.6
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>            Priority: Minor
>             Fix For: 0.7
>
>
> Description of problem:
> Unable to add a host principle to a group, the acl policy file fails to load 
> and prevents qpidd from running.
> I guess this is partly due to us not figuring out what is exactly allowed for 
> group and usernames.
> How reproducible:
> Fails every time.
> Steps to Reproduce:
> 1. Add a host or service principle to a group in the acl file. Something like
> this will suffice:
>   group somegroup host/somemachine.example....@example.com
> Actual results:
> Failure to start. Error message is:
> Daemon startup failed: Could not read ACL file ACL format error:
> /etc/qpid/policy.acl:25: Name "host/somemachine.example....@example.com"
> contains illegal characters.
> Expected results:
> Should load and parse the group cleanly.    

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org

Reply via email to