On 25/02/16 17:23, Alexander N. Moibenko wrote:
On 02/25/2016 10:39 AM, Gordon Sim wrote:
Another workaround is simply to set the sasl_max_ssf to 0. That way
you still use kerberos for authentication, but don't encrypt the
messages.
Could you tell me where and how I set it.
I tried
sasl_max_ssf: 0
in /etc/sasl2/qpidd.conf to no effect.
You need to set it on the clients I'm afraid. It is a connection option
for qpid::messaging, so use qpid::messaging::Connection::setOption().
I have been assuming you are using AMQP 0-10 here. If so, another option
might be to try using AMQP 1.0? (Specify connection option 'protocol' as
'amqp1.0'). I am merely speculating here, but certainly it does not have
the same protocol level limit and it is a different codepath for
fragmentation etc.
If you can test whether
reducing that value fixes your issue, that would speed up resolution.
In any case, raise a JIRA for this and I'll try to have a look at it
asap.
reducing what value?
I meant the maxbufsize for cyrus sasl. Actually though, now I think
about it more, I'm not so sure this is the issue. It is the whole frame
that is encrypted, not just the payload, and in any case this value is
merely an indication of how much data to expect as input.
I am sorry, I do not know how to open JIRA.
Can you provide instructions?
Go to https://issues.apache.org/jira/browse/QPID/ and click the 'create'
button, then fill in the form with as much detail as you can and submit.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
