On 02/25/2016 11:48 AM, Gordon Sim wrote:
On 25/02/16 17:23, Alexander N. Moibenko wrote:
On 02/25/2016 10:39 AM, Gordon Sim wrote:
Another workaround is simply to set the sasl_max_ssf to 0. That way
you still use kerberos for authentication, but don't encrypt the
messages.
Could you tell me where and how I set it?
I tried
sasl_max_ssf: 0
in /etc/sasl2/qpidd.conf to no effect.
You need to set it on the clients I'm afraid. It is a connection
option for qpid::messaging, so use
qpid::messaging::Connection::setOption().
I have been assuming you are using AMQP 0-10 here. If so, another
option might be to try using AMQP 1.0? (Specify connection option
'protocol' as 'amqp1.0'). I am merely speculating here, but certainly
it does not have the same protocol level limit and it is a different
codepath for fragmentation etc.
I am doing this using the Python interface.
Here is the simple test code:
import qpid.messaging
conn = qpid.messaging.Connection(host='dmsen05',
                                 port=5672,
                                 username=None,
                                 password=None,
                                 sasl_max_ssf=0,
                                 sasl_mechanisms=['GSSAPI'],
                                 reconnect=True,
                                 reconnect_interval=60,
                                 )
conn.open()
print "OPEN"
conn.close()
Here is what happens:
[enstore@dmsen05 messaging]$ python ct.py
Traceback (most recent call last):
  File "ct.py", line 12, in <module>
    conn.open()
  File "<string>", line 6, in open
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/endpoints.py", line 256, in open
    self.attach()
  File "<string>", line 6, in attach
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/endpoints.py", line 274, in attach
    self._ewait(lambda: self._transport_connected and not self._unlinked())
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/endpoints.py", line 209, in _ewait
    self.check_error()
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/endpoints.py", line 202, in check_error
    raise self.error
qpid.messaging.exceptions.InternalError: Traceback (most recent call last):
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/driver.py", line 509, in dispatch
    self.connect()
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/driver.py", line 528, in connect
    self.engine = Engine(self.connection)
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/messaging/driver.py", line 615, in __init__
    self._sasl.setAttr("maxssf", self.connection.sasl_max_ssf)
  File "/opt/enstore/Python/lib/python2.7/site-packages/qpid/sasl.py", line 36, in setAttr
    raise SASLError(self._cli.getError())
SASLError: Error in setAttr (-1) Unknown string attribute name - maxssf
Looks as if there is another bug, now in qpid/sasl.py. This file is a part
of rpm python-qpid-0.14-11.el6_3.noarch