Thanks Gordon - 

Specifying --sasl-service-name amqp does avoid the authentication failure.

The client now core dumps instead.

>From the dump it looks like we're trying to decode uninitialized memory.  
>Since the broker seems fine, it could be that pyngus is passing garbage to 
>proton.  Digging in now...



----- Original Message -----
> From: "Gordon Sim" <g...@redhat.com>
> To: proton@qpid.apache.org
> Sent: Wednesday, August 5, 2015 11:00:25 AM
> Subject: Re: 0.10 beta2 now available
> 
> On 08/05/2015 03:31 PM, Ken Giusti wrote:
> >  if I simply remove the PLAIN sasl mechs (client specifies no mechs in this
> >  case), DIGEST-MD5 is selected:
> >
> >
> > $ ./send.py -a amqp://192.168.122.209:5672 --target amq.topic --username
> > admin --password qpid
> > KAG outcome = 1
> > KAG condition = None
> > Connection failed: Condition('amqp:unauthorized-access', 'Authentication
> > failed')
> > connection_failed, error=Condition('amqp:unauthorized-access',
> > 'Authentication failed') (ignored)
> > Send failed due to connection failure!
> >
> >
> > broker log:
> >
> > $ 2015-08-05 10:27:07 [Security] info SASL: Mechanism list: DIGEST-MD5
> > CRAM-MD5 PLAIN
> > 2015-08-05 10:27:07 [Security] info SASL: Starting authentication with
> > mechanism: DIGEST-MD5
> > 2015-08-05 10:27:07 [Security] info
> > qpid.192.168.122.209:5672-192.168.122.1:38081 Challenge issued
> > 2015-08-05 10:27:07 [Security] info
> > qpid.192.168.122.209:5672-192.168.122.1:38081 Failed to authenticate
> > 2015-08-05 10:27:07 [Security] info
> > qpid.192.168.122.209:5672-192.168.122.1:38081 Connection closed prior to
> > authentication completing
> >
> > Well, that's a head scratcher.
> >
> > Thoughts?
> 
> You need to specify 'amqp' as the sasl service name using the newly
> added --sasl-service-name option to qpidd (this defaults to 'qpidd').
> 

-- 
-K

Reply via email to