On 12/17/2009 02:37 AM, Sandy Pratt wrote:
Thanks Alan. I made a new build from trunk and things are going well so far,
except that when I enable auth=yes, I get the following:
2009-12-16 18:33:18 error qpid/amqp_0_10/SessionHandler.cpp:97: Execution
exception: unauthorized-access: authorised user id : prat...@qpid but user id
in message decla
red as prattrs (qpid/broker/SemanticState.cpp:435)
I'm pretty sure the password is correct, because if I change it I get an
entirely different authentication error.
I think this is due to a change in the way the broker checks the userid
set on a message[1]. For e.g. GSSAPI based authentication it is
important that this includes the domain[2]
However for PLAIN authentication I think the realm is added as a
'pseudo' domain by cyrus-sasl and I'm not sure the client can in general
know this(?).
I'm not sure what the best fix is here. Perhaps the checking on the
broker should just be a little cleverer and should not fail if the
client has not specified a domain in the userid property of a message
and the userid is in the 'default' domain (named after the realm)?
Any thoughts?
I've raised a JIRA for this[3]. As it is a regression for some cases I
think it is a blocker for 0.6 and have marked it as such.
[1]
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp?r1=819819&r2=819818&pathrev=819819
[2] https://issues.apache.org/jira/browse/QPID-2129
[3] https://issues.apache.org/jira/browse/QPID-2290
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
