Hrmm... something isn't working:
I'm unable to authenticate with any mechanism other than PLAIN against trunk
qpidd using this beta2.
Specifically - I built qpidd's AMQP 1.0 support against this beta. I've
configured qpidd with a user admin password 'qpid'. default mechs are
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN
I can connect fine with qpid-stat (on trunk):
qpid-stat -q -b amqp://admin/qpid@192.168.122.209
<blah blah - good output>
logs on the broker:
2015-08-05 10:23:32 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5
PLAIN
2015-08-05 10:23:32 [Security] info SASL: Starting authentication with
mechanism: DIGEST-MD5
2015-08-05 10:23:32 [Security] info
qpid.192.168.122.209:5672-192.168.122.1:38072 SASL: Authentication succeeded
for: admin@QPID
Using a pyngus test client running the beta 2 proton, I can send a message if I
force PLAIN:
$ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username admin
--password qpid --sasl-mechs "PLAIN"
KAG outcome = 0
KAG condition = None
Send done, status=Accepted
broker log:
2015-08-05 10:25:22 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5
PLAIN
2015-08-05 10:25:22 [Security] info SASL: Starting authentication with
mechanism: PLAIN
2015-08-05 10:25:22 [Security] info
qpid.192.168.122.209:5672-192.168.122.1:38075 Authenticated as admin@QPID
Again, happy. BUT if I simply remove the PLAIN sasl mechs (client specifies no
mechs in this case), DIGEST-MD5 is selected:
$ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username admin
--password qpid
KAG outcome = 1
KAG condition = None
Connection failed: Condition('amqp:unauthorized-access', 'Authentication
failed')
connection_failed, error=Condition('amqp:unauthorized-access', 'Authentication
failed') (ignored)
Send failed due to connection failure!
broker log:
$ 2015-08-05 10:27:07 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5
PLAIN
2015-08-05 10:27:07 [Security] info SASL: Starting authentication with
mechanism: DIGEST-MD5
2015-08-05 10:27:07 [Security] info
qpid.192.168.122.209:5672-192.168.122.1:38081 Challenge issued
2015-08-05 10:27:07 [Security] info
qpid.192.168.122.209:5672-192.168.122.1:38081 Failed to authenticate
2015-08-05 10:27:07 [Security] info
qpid.192.168.122.209:5672-192.168.122.1:38081 Connection closed prior to
authentication completing
Well, that's a head scratcher.
Thoughts?
----- Original Message -----
> From: "Gordon Sim" <g...@redhat.com>
> To: proton@qpid.apache.org
> Sent: Tuesday, August 4, 2015 5:35:49 PM
> Subject: Re: 0.10 beta2 now available
>
> On 08/04/2015 05:30 PM, Robbie Gemmell wrote:
> > On 3 August 2015 at 18:40, Robbie Gemmell <robbie.gemm...@gmail.com> wrote:
> >> Hi folks,
> >>
> >> I have put up a 0.10 beta2 cut from the new 0.10.x branch. I'll be
> >> looking to cut RC1 in the next couple of days and immediately proceed
> >> to vote on it, so please give the beta a kick of the tyres and report
> >> back your findings.
> >>
> >> You can find the files here:
> >> https://dist.apache.org/repos/dist/dev/qpid/proton/0.10-beta2/
> >>
> >> Java binaries are also available in a temporary staging repo at:
> >> https://repository.apache.org/content/repositories/orgapacheqpid-1039
> >>
> >> Robbie
> >
> > I gave things a kick of the tyres as follows:
> > # Verified checksums ok.
> > # Checked LICENCE and NOTICE present and look ok.
> > # Ran the build and tests via Maven.
> > # Ran the build/tests/install via CMake.
> > # Built qpid-cpp 0.34 against the above install.
> > # Ran the JMS client build+tests from master against the staging repo.
> > # Ran the JMS client HelloWorld example against the earlier built 0.34
> > cpp broker.
> > # Ran the ActiveMQ build + amqp tests from master using the staging repo.
>
> Looks good to me also; I ran the tests and also those of qpid-cpp
> against it.
>
>
--
-K
