[
https://issues.apache.org/jira/browse/QPID-6109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139104#comment-14139104
]
Chris Duryee commented on QPID-6109:
------------------------------------
Additionally, there is a behavior difference in sasl.py where if both ANONYMOUS
and PLAIN are passed in via sasl_mechanisms and saslwrapper is not available,
PLAIN will be preferred over ANONYMOUS. However, if saslwrapper is available,
then the first specified mechanism (ANONYMOUS in this case) will be used.
sasl_client_start() seems to treat these two mechs as equals which is different
than what's being done in sasl.py's start() method.
> qpid.messaaging builtin PLAIN auth does not agree on auth mechanism if
> password is None or ''
> ---------------------------------------------------------------------------------------------
>
> Key: QPID-6109
> URL: https://issues.apache.org/jira/browse/QPID-6109
> Project: Qpid
> Issue Type: Bug
> Components: Python Client
> Affects Versions: 0.26
> Environment: rpm -qa | grep sasl | sort
> cyrus-sasl-2.1.26-14.fc20.x86_64
> cyrus-sasl-devel-2.1.26-14.fc20.x86_64
> cyrus-sasl-gssapi-2.1.26-14.fc20.x86_64
> cyrus-sasl-lib-2.1.26-14.fc20.x86_64
> cyrus-sasl-md5-2.1.26-14.fc20.x86_64
> cyrus-sasl-plain-2.1.26-14.fc20.x86_64
> cyrus-sasl-scram-2.1.26-14.fc20.x86_64
> erlang-sasl-R16B-03.7.fc20.x86_64
> qpid-cpp-server-0.26-13.fc20.x86_64
> Reporter: Brian Bouterse
> Priority: Minor
>
> If I have the broker configured with --auth yes, it correctly advertises auth
> mechanisms: ['ANONYMOUS', 'PLAIN'].
> If I run the following python code to connect using an empty password with
> username 'guest' and only allowing 'PLAIN' I expect to get an "Authentication
> failed(320)", but instead I receive a "sasl negotiation failed: no mechanism
> agreed".
> from qpid.messaging import Connection
> info = { 'username': 'guest', 'sasl_mechanisms': 'PLAIN', 'host':
> '127.0.0.1', 'timeout': 4, 'password': '', 'port': 5672, 'transport': 'tcp'}
> Connection.establish(**info)
> I also get the sasl negotiation failed with this code:
> from qpid.messaging import Connection
> info = { 'username': 'guest', 'sasl_mechanisms': 'PLAIN', 'host':
> '127.0.0.1', 'timeout': 4, 'password': None, 'port': 5672, 'transport': 'tcp'}
> Connection.establish(**info)
> I am using the builtin auth and not the saslwrapper auth because I do not
> have the packages 'saslwraper' and 'python-saslwrapper' installed.
> I expected that a username='guest' and password=None or password='' should
> still agree on PLAIN and continue to try to authentication. This is also
> similar to the behavior of saslwrapper.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
