[ https://issues.apache.org/jira/browse/QPID-5643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944976#comment-13944976 ]
Pavel Moravec commented on QPID-5643: ------------------------------------- Reproducer (assuming ~/qpidd.sasldb is proper SASL db with guest/guest credentials, and /etc/sasl2/qpidd.conf points to /var/lib/qpidd/qpidd.sasldb): pkill -9 qpidd rm qpidd.*.log echo "acl allow guest@QPID all all acl deny all all" > ~/qpidd.acl cp ~/qpidd.sasldb /var/lib/qpidd run_qpidd() { port=$1 rm -rf _${port} mkdir _${port} nohup qpidd --port=$port --log-to-file=qpidd.$port.log --data-dir=_${port} --auth=yes --log-to-stderr=no --acl-file=/root/qpidd.acl "$@" & } run_qpidd 5001 --trace run_qpidd 5002 --trace sleep 3 qpid-route route add guest/guest@localhost:5001 guest/guest@localhost:5002 amq.fanout amq.fanout qpid-route route map guest/guest@localhost:5001 Current output: Finding Linked Brokers: guest/guest@localhost:5001... Ok localhost:5002... ExecutionException(error_code=403, command_id=serial(0), class_code=8, command_code=1, field_index=0, description=u'unauthorized-access: ACL denied queue create request from anonymous@QPID (/builddir/build/BUILD/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:1316)', error_info={}, channel=1, id=serial(0)) Expected output: Finding Linked Brokers: guest/guest@localhost:5001... Ok localhost:5002... Ok Dynamic Routes: none found Static Routes: localhost:5001(ex=amq.fanout) <= localhost:5002(ex=amq.fanout) key=amq.fanout > "qpid-route route map" does not pass credentials to other brokers in the > "route map" > ------------------------------------------------------------------------------------ > > Key: QPID-5643 > URL: https://issues.apache.org/jira/browse/QPID-5643 > Project: Qpid > Issue Type: Bug > Components: Python Tools > Affects Versions: 0.26 > Reporter: Pavel Moravec > Assignee: Pavel Moravec > Priority: Trivial > > Tool qpid-route supports only ANONYMOUS sasl mech in method mapRoutes. > This results as (although both broker nodes are running with very same ACL > rules and qpid.sasldb): > ExecutionException(error_code=403, command_id=serial(0), class_code=8, > command_code=1, field_index=0, description=u'unauthorized-access: ACL denied > queue create request from anonymous@QPID > (qpid/broker/SessionAdapter.cpp:349)', error_info={}, channel=1, id=serial(0)) > The reason is because when qpid-route queries subsequent brokers in the > federation topology, it does not set any credentials (esp. those used for the > first broker). > Trivial fix to follow just passes the credentials and other connection > options to any further broker that the tool connects to. -- This message was sent by Atlassian JIRA (v6.2#6252) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org