On 08/05/2015 03:31 PM, Ken Giusti wrote:
 if I simply remove the PLAIN sasl mechs (client specifies no mechs in this 
case), DIGEST-MD5 is selected:


$ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username admin 
--password qpid
KAG outcome = 1
KAG condition = None
Connection failed: Condition('amqp:unauthorized-access', 'Authentication 
failed')
connection_failed, error=Condition('amqp:unauthorized-access', 'Authentication 
failed') (ignored)
Send failed due to connection failure!


broker log:

$ 2015-08-05 10:27:07 [Security] info SASL: Mechanism list: DIGEST-MD5 CRAM-MD5 
PLAIN
2015-08-05 10:27:07 [Security] info SASL: Starting authentication with 
mechanism: DIGEST-MD5
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Challenge issued
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Failed to authenticate
2015-08-05 10:27:07 [Security] info 
qpid.192.168.122.209:5672-192.168.122.1:38081 Connection closed prior to 
authentication completing

Well, that's a head scratcher.

Thoughts?

You need to specify 'amqp' as the sasl service name using the newly added --sasl-service-name option to qpidd (this defaults to 'qpidd').

Reply via email to