Hrmm... something isn't working:

I'm unable to authenticate with any mechanism other than PLAIN against trunk 
qpidd using this beta2.

Specifically - I built qpidd's AMQP 1.0 support against this beta.  I've 
configured qpidd with a user admin password 'qpid'.  default mechs are 

mech_list: DIGEST-MD5 CRAM-MD5 PLAIN

I can connect fine with qpid-stat (on trunk):

qpid-stat -q -b amqp://admin/qpid@192.168.122.209
<blah blah - good output>

logs on the broker: 

2015-08-05 10:23:32 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5 
PLAIN
2015-08-05 10:23:32 [Security] info SASL: Starting authentication with 
mechanism: DIGEST-MD5
2015-08-05 10:23:32 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38072 SASL: Authentication succeeded 
for: admin@QPID

Using a pyngus test client running the beta 2 proton, I can send a message if I 
force PLAIN:

$ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username admin 
--password qpid --sasl-mechs "PLAIN"
KAG outcome = 0
KAG condition = None
Send done, status=Accepted

broker log:

2015-08-05 10:25:22 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5 
PLAIN
2015-08-05 10:25:22 [Security] info SASL: Starting authentication with 
mechanism: PLAIN
2015-08-05 10:25:22 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38075 Authenticated as admin@QPID

Again, happy.  BUT if I simply remove the PLAIN sasl mechs (client specifies no 
mechs in this case), DIGEST-MD5 is selected:


$ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username admin 
--password qpid
KAG outcome = 1
KAG condition = None
Connection failed: Condition('amqp:unauthorized-access', 'Authentication 
failed')
connection_failed, error=Condition('amqp:unauthorized-access', 'Authentication 
failed') (ignored)
Send failed due to connection failure!


broker log:

$ 2015-08-05 10:27:07 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5 
PLAIN
2015-08-05 10:27:07 [Security] info SASL: Starting authentication with 
mechanism: DIGEST-MD5
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Challenge issued
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Failed to authenticate
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Connection closed prior to 
authentication completing

Well, that's a head scratcher. 

Thoughts?  


----- Original Message -----
> From: "Gordon Sim" <g...@redhat.com>
> To: proton@qpid.apache.org
> Sent: Tuesday, August 4, 2015 5:35:49 PM
> Subject: Re: 0.10 beta2 now available
> 
> On 08/04/2015 05:30 PM, Robbie Gemmell wrote:
> > On 3 August 2015 at 18:40, Robbie Gemmell <robbie.gemm...@gmail.com> wrote:
> >> Hi folks,
> >>
> >> I have put up a 0.10 beta2 cut from the new 0.10.x branch. I'll be
> >> looking to cut RC1 in the next couple of days and immediately proceed
> >> to vote on it, so please give the beta a kick of the tyres and report
> >> back your findings.
> >>
> >> You can find the files here:
> >> https://dist.apache.org/repos/dist/dev/qpid/proton/0.10-beta2/
> >>
> >> Java binaries are also available in a temporary staging repo at:
> >> https://repository.apache.org/content/repositories/orgapacheqpid-1039
> >>
> >> Robbie
> >
> > I gave things a kick of the tyres as follows:
> > # Verified checksums ok.
> > # Checked LICENCE and NOTICE present and look ok.
> > # Ran the build and tests via Maven.
> > # Ran the build/tests/install via CMake.
> > # Built qpid-cpp 0.34 against the above install.
> > # Ran the JMS client build+tests from master against the staging repo.
> > # Ran the JMS client HelloWorld example against the earlier built 0.34
> > cpp broker.
> > # Ran the ActiveMQ build + amqp tests from master using the staging repo.
> 
> Looks good to me also; I ran the tests and also those of qpid-cpp
> against it.
> 
> 

-- 
-K

Reply via email to