I'd like to improve the dispatch out-of-box experience and doc regarding SASL. Our present experience is Doesn't Work By Default/No Useful Errors/Nothing In Doc (apologies if I'm just being dim).

My use case is:
- install dispatch (using make install to /usr/local)
- start qdrouterd with no arguments, using installed default config
- run 'qdstat -g' to see something happen.

The installer installs:

    /usr/local/etc/sasl2/qdrouterd.conf

The only documentation about SASL config is in comments in that file, following those I did:

    sudo saslpasswd2 -c -f /var/lib/qdrouterd/qdrouterd.sasldb -u QPID user

and set password "pass". However this doesn't work:

    PN_TRACE_FRM=1 qdstat -g -b user:pass@localhost
    [0x563852c40550]: -> SASL
    [0x563852c40550]: <- SASL
    [0x563852c40550]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:"SCRAM-SHA-1", :GSSAPI, :"GSS-SPNEGO", :"DIGEST-MD5", :"CRAM-MD5", :PLAIN, :LOGIN, :ANONYMOUS]]
    [0x563852c40550]: -> EOS
    ConnectionException: Connection amqp://user:pass@localhost:amqp/$management disconnected

There are no useful log messages, the exception is completely unhelpful. Only using PN_TRACE_FRM=1 reveals this to be a SASL issue.

According to strace, qdrouterd never opens /usr/local/etc/sasl2/qdrouterd.conf so I suspect there may be a problem with the default install location.

I never understood the role of the SASL "domain" or why it should be QPID for qdrouterd - can anyone explain? "user@QPID:pass@localhost" seems like it would confuse the URL parser so I guess domain @QPID is a built-in default or settable in some other way, but there's nothing obvious in the qdstat -h output.

Why does saslpasswd2 have a -a "appname" argument? Should we be setting it to qdrouterd to create qdrouterd users?

I volunteer to write some doc for this if anyone can explain it to me. The only way I can get anything to work is to edit the config and add "saslMechanisms: ANONYMOUS" on the acceptor.

Cheers,
Alan.
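Added example, not part of the original message or of the Qpid Dispatch code: a small Python helper that reads PN_TRACE_FRM output such as the trace in the message above and reports which mechanisms the router offered and how far the SASL exchange got. The function name and the diagnosis strings are made up for this example; sasl-init and sasl-outcome are the AMQP 1.0 SASL frame names, which do not occur in the posted trace.

```python
import re

# Trace copied from the message above (exception line omitted).
POSTED_TRACE = """\
[0x563852c40550]: -> SASL
[0x563852c40550]: <- SASL
[0x563852c40550]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:"SCRAM-SHA-1", :GSSAPI, :"GSS-SPNEGO", :"DIGEST-MD5", :"CRAM-MD5", :PLAIN, :LOGIN, :ANONYMOUS]]
[0x563852c40550]: -> EOS
"""

# "[0x...]:<channel> <direction> <frame>" as it appears in the trace lines.
FRAME_RE = re.compile(r"^\[0x[0-9a-f]+\]:\d*\s*(->|<-)\s*(@?[\w-]+)")
MECHS_RE = re.compile(r"sasl-server-mechanisms=@PN_SYMBOL\[([^\]]*)\]")


def summarize_sasl_trace(text):
    """Return offered mechanisms, frames per direction, and a diagnosis."""
    offered, sent, received = [], [], []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # not a frame line (e.g. the exception message)
        direction, frame = m.group(1), m.group(2).lstrip("@")
        (sent if direction == "->" else received).append(frame)
        mechs = MECHS_RE.search(line)
        if mechs:
            offered = [s.strip().lstrip(":").strip('"')
                       for s in mechs.group(1).split(",")]
    # Walk the handshake backwards to find the last step that was reached.
    if "sasl-outcome" in received:
        diagnosis = "server returned sasl-outcome; check its code field"
    elif "sasl-init" in sent:
        diagnosis = "client sent sasl-init but no sasl-outcome arrived"
    elif "sasl-mechanisms" in received:
        diagnosis = "client closed without sending sasl-init"
    elif "SASL" in sent:
        diagnosis = "no sasl-mechanisms received from server"
    else:
        diagnosis = "no SASL exchange in trace"
    return {"offered": offered, "sent": sent,
            "received": received, "diagnosis": diagnosis}


if __name__ == "__main__":
    result = summarize_sasl_trace(POSTED_TRACE)
    print("offered:", ", ".join(result["offered"]))
    print("diagnosis:", result["diagnosis"])
```

For the posted trace, the summary shows that the router offered eight mechanisms and the client ended the stream before choosing one.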
