qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jiraposter@reviews.apache.org (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-3652) Cluster authentication ignores cluster-* settings
Date Thu, 01 Dec 2011 21:10:42 GMT

    [ https://issues.apache.org/jira/browse/QPID-3652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13161169#comment-13161169
] 

jiraposter@reviews.apache.org commented on QPID-3652:
-----------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2988/
-----------------------------------------------------------

Review request for qpid, Gordon Sim and Ted Ross.


Summary
-------

QPID-3652: Fix cluster authentication.

Only allow brokers that authenticate as the cluster-username to join a cluster.

New broker first connects to  a cluster broker authenticates as the cluster-username
and sends its CPG member ID to the qpid.cluster-credentials exchange.
The cluster broker that subsequently acts as updater verifies that the credentials are
valid before connecting to give the update.

NOTE: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:

acl allow foo@QPID publish exchange name=qpid.cluster-credentials


This addresses bug QPID-3652.
    https://issues.apache.org/jira/browse/QPID-3652


Diffs
-----

  /trunk/qpid/cpp/rubygen/amqpgen.rb 1209052 
  /trunk/qpid/cpp/src/Makefile.am 1209052 
  /trunk/qpid/cpp/src/cluster.mk 1209052 
  /trunk/qpid/cpp/src/qpid/UrlArray.h PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/UrlArray.cpp PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h 1209052 
  /trunk/qpid/cpp/src/qpid/broker/SemanticState.h 1209052 
  /trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/client/FailoverListener.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/Cluster.h 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.h PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.cpp PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/cluster/FailoverExchange.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.h 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.cpp 1209052 
  /trunk/qpid/cpp/src/tests/InitialStatusMap.cpp 1209052 
  /trunk/qpid/cpp/src/tests/brokertest.py 1209052 
  /trunk/qpid/cpp/src/tests/cluster_authentication_soak.cpp 1209052 
  /trunk/qpid/cpp/src/tests/cluster_tests.py 1209052 
  /trunk/qpid/cpp/xml/cluster.xml 1209052 

Diff: https://reviews.apache.org/r/2988/diff


Testing
-------

3 new tests in cluster_tests.py, tested by hand with ANONYMOUS, PLAIN and DIGEST-MD5 mechanisms.


Thanks,

Alan


                
> Cluster authentication ignores cluster-* settings
> -------------------------------------------------
>
>                 Key: QPID-3652
>                 URL: https://issues.apache.org/jira/browse/QPID-3652
>             Project: Qpid
>          Issue Type: Bug
>    Affects Versions: 0.12
>            Reporter: Alan Conway
>            Assignee: Alan Conway
>
> Authentication of qpid nodes within a cluster does not follow parameters
> cluster-mechanism, cluster-username and cluster-password in many cases.
> For more details: https://bugzilla.redhat.com/show_bug.cgi?id=730017

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message