[ https://issues.apache.org/jira/browse/QPID-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647481#comment-13647481 ]

Ken Giusti commented on QPID-3668:
----------------------------------

Additional observations:

The Connection object has "username" and "auth_username" properties.
"username" appears to be set by extracting the user name supplied in the URL
(or via connection options [?]). "auth_username" is set by the SASL library.

In most tests that I've run, these two properties are set to the same value
(username from URL). However, when ANONYMOUS auth is used, there is a
difference when the internal SASL client is used vs. the SASL wrapper:

SASL wrapper:

    PYTHONPATH="$PYTHONPATH:/home/kgiusti/work/qpid/qpid/qpid/extras/sasl/python:/home/kgiusti/work/qpid/qpid/qpid/extras/sasl/python/.libs"
    qpid-config -b amqps://guest/[email protected]:47895 --ssl-certificate ./client_cert_key.pem --sasl-mechanism ANONYMOUS
    USING SASL
    Enter PEM pass phrase:password
    USERNAME=guest
    AUTH_USERNAME=anonymous

Internal SASL impl:

    qpid-config -b amqps://guest/[email protected]:47895 --ssl-certificate ./client_cert_key.pem --sasl-mechanism ANONYMOUS
    USING PLAINCLIENT
    Enter PEM pass phrase:password
    USERNAME=guest
    AUTH_USERNAME=guest

Note the value for auth_username.

Also, when using PLAIN auth, and the password is not supplied in the URL, the
internal SASL impl fails, while the SASL wrapper will prompt for the missing
password:

SASL wrapper:

    PYTHONPATH="$PYTHONPATH:/home/kgiusti/work/qpid/qpid/qpid/extras/sasl/python:/home/kgiusti/work/qpid/qpid/qpid/extras/sasl/python/.libs"
    qpid-config -b amqps://[email protected]:47895 --ssl-certificate ./client_cert_key.pem --sasl-mechanism PLAIN
    USING SASL
    Enter PEM pass phrase:password
    Please enter your password: guest
    USERNAME=guest
    AUTH_USERNAME=guest

Internal SASL impl:

    qpid-config -b amqps://[email protected]:47895 --ssl-certificate ./client_cert_key.pem --sasl-mechanism PLAIN
    USING PLAINCLIENT
    Enter PEM pass phrase:password
    Failed: AuthenticationFailure: sasl negotiation failed: no mechanism agreed

> Python console has inconsistent interface to the authenticated user state,
> depending on whether saslwrapper is used or not.
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-3668
> URL: https://issues.apache.org/jira/browse/QPID-3668
> Project: Qpid
> Issue Type: Improvement
> Components: Python Client
> Affects Versions: 0.13
> Reporter: Ken Giusti
>
> If the python client uses the sasl service to provide authentication, then
> the authenticated user-id is provided via the connection object. However, if
> sasl is not available, the python client will use its integrated PLAIN or
> ANONYMOUS mechanism. In this case, no information appears to be available to
> determine the actual user-id used (or anonymous). For example:
>
>     self.conn = Connection(connSock, username=self.authUser,
>                            password=self.authPass,
>                            mechanism=self.mechanisms, host=self.host,
>                            service="qpidd")
>     uid = self.conn.user_id
>
> 'uid' above is None if internal PLAIN or ANONYMOUS was used. It is set if
> sasl was used (and -could- be 'anonymous' etc).
>
> It would be consistent if the uid was set in either case (sasl or non-sasl).
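
Added example (not part of the JIRA message or of the Qpid code base): one way a caller could derive a single identity from the two properties, treating the URL user name as an unverified claim under ANONYMOUS. ConnState, parse_session, authenticated_identity and findings are hypothetical names, and the sample output is constructed from the sessions shown in the comment.

```python
# Added illustration, not Qpid code: ConnState, parse_session,
# authenticated_identity and findings are hypothetical names.
from collections import namedtuple

ConnState = namedtuple("ConnState", "mechanism username auth_username")

def parse_session(mechanism, output):
    """Read the USERNAME=/AUTH_USERNAME= lines printed in the sessions above."""
    seen = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("USERNAME", "AUTH_USERNAME"):
            seen[key] = value or None
    return ConnState(mechanism.upper(), seen.get("USERNAME"),
                     seen.get("AUTH_USERNAME"))

def authenticated_identity(state):
    """Identity for authorization and audit, independent of the SASL backend."""
    if state.mechanism == "ANONYMOUS":
        # ANONYMOUS verifies no credential, so the URL user name is only a claim.
        return "anonymous"
    if state.mechanism == "PLAIN":
        # Assumption: the connection succeeded, so the broker accepted this name.
        return state.auth_username or state.username
    return state.auth_username  # other mechanisms: trust only the SASL layer

def findings(state):
    """Flag states where auth_username overstates or omits what was verified."""
    issues = []
    if state.mechanism == "ANONYMOUS" and state.auth_username != "anonymous":
        issues.append("auth_username=%r reported under ANONYMOUS"
                      % state.auth_username)
    if state.mechanism != "ANONYMOUS" and state.auth_username is None:
        issues.append("no auth_username after %s" % state.mechanism)
    return issues

# Constructed samples mirroring the two ANONYMOUS sessions in the comment.
WRAPPER = "USING SASL\nUSERNAME=guest\nAUTH_USERNAME=anonymous\n"
INTERNAL = "USING PLAINCLIENT\nUSERNAME=guest\nAUTH_USERNAME=guest\n"

if __name__ == "__main__":
    for name, out in (("saslwrapper", WRAPPER), ("internal", INTERNAL)):
        st = parse_session("ANONYMOUS", out)
        print(name, authenticated_identity(st), findings(st))
```
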