Hi all,
I thought I'd have an initial play with authentication, but I'm afraid that I seem to be failing at the first hurdle.

So what I've done so far is:

I knew that there are potential issues with permissions with the qpidd.sasldb so my first step was to copy etc/sasl2/qpidd.conf and qpidd.sasldb to my home directory (just to make things easier while I'm playing). I modified qpidd.conf with
sasldb_path: /home/fadams/qpidd.sasldb

I checked
sasldblistusers2 -f /home/fadams/qpidd.sasldb
and got (as expected)
guest@QPID: userPassword

and was able to add other users using
saslpasswd2 -f /home/fadams/qpidd.sasldb -u QPID fadams

So I started qpidd as myself with:
qpidd --sasl-config /home/fadams/qpidd.conf -t

And in the trace I got:
2011-10-04 18:57:59 info SASL: config path set to /home/fadams/qpidd.conf
2011-10-04 18:57:59 info SASL enabled
2011-10-04 18:57:59 notice Listening on TCP port 5672
2011-10-04 18:57:59 info Policy file not specified. ACL Disabled, no ACL checking being done!
2011-10-04 18:57:59 notice Broker running
2011-10-04 18:58:04 debug RECV [127.0.0.1:5672-127.0.0.1:35444] INIT(0-10)
2011-10-04 18:58:04 debug External ssf=0 and auth=
2011-10-04 18:58:04 debug min_ssf: 0, max_ssf: 256, external_ssf: 0
2011-10-04 18:58:04 info SASL: Mechanism list: NTLM CRAM-MD5 LOGIN DIGEST-MD5 ANONYMOUS PLAIN

Which looked OK to me.

However I then tried to connect with a Java consumer using a fairly basic connection URL

connectionfactory.ConnectionFactory = amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'

Which failed with "session creation failed"

And a broker trace of:

2011-10-04 18:58:04 trace SENT [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(04cb2a36-ccaa-4762-9e9a-56329c267085)}; mechanisms=str16{V2:4:str16(NTLM), V2:8:str16(CRAM-MD5), V2:5:str16(LOGIN), V2:10:str16(DIGEST-MD5), V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)}; locales=str16{V2:5:str16(en_US)}; }]
2011-10-04 18:58:04 trace RECV [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={clientName:V2:8:str16(clientid),qpid.client_pid:F4:int32(7032),qpid.client_process:V2:16:str16(Qpid Java Client),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN; response=xxxxxx; }]
2011-10-04 18:58:04 debug SASL: Starting authentication with mechanism: PLAIN
2011-10-04 18:58:04 info SASL: Authentication failed for guest@QPID:SASL(-13): user not found: Password verification failed
2011-10-04 18:58:04 debug Exception constructed: Authentication failed
2011-10-04 18:58:04 debug SEND raiseEvent (v1) class=org.apache.qpid.broker.clientConnectFail
2011-10-04 18:58:04 debug SEND raiseEvent (v2) class=org.apache.qpid.broker.clientConnectFail
2011-10-04 18:58:04 trace SENT [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; reply-text=connection-forced: Authentication failed; }]
2011-10-04 18:58:04 trace RECV [127.0.0.1:5672-127.0.0.1:35444]: Frame[BEbe; channel=0; {ConnectionCloseOkBody: }]
2011-10-04 18:58:04 debug DISCONNECTED [127.0.0.1:5672-127.0.0.1:35444]


I also tried explicitly setting the realm using:
qpidd --sasl-config /home/fadams/qpidd.conf --realm QPID -t

but that was equally unsuccessful.

Finally as much out of desperation as anything I tried:
sudo qpidd -t

which clearly should have picked up the default stuff in the default qpidd.sasldb locations and clearly would have the correct read permissions. Again I got:

2011-10-04 19:41:59 info SASL: Authentication failed for guest@QPID:SASL(-13): user not found: Password verification failed



I'd be really grateful if someone who knows about this stuff could suggest what I've done wrong. I can't see why I should be getting "user not found" with a fairly vanilla set up.

MTIA
Frase

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]
