qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jiraposter@reviews.apache.org (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-3652) Cluster authentication ignores cluster-* settings
Date Mon, 05 Dec 2011 21:30:41 GMT

    [ https://issues.apache.org/jira/browse/QPID-3652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13163058#comment-13163058
] 

jiraposter@reviews.apache.org commented on QPID-3652:
-----------------------------------------------------



bq.  On 2011-12-05 18:44:53, Gordon Sim wrote:
bq.  > /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h, line 88
bq.  > <https://reviews.apache.org/r/2988/diff/1/?file=61523#file61523line88>
bq.  >
bq.  >     The last sentence in this comment isn't entirely true... it will only compare
the id against the username if the userid of the connection was in the default domain. Not
a big issue, I just got confused when first reading this.

Updated to:     * If id has the default realm will also compare plain username.          
           


bq.  On 2011-12-05 18:44:53, Gordon Sim wrote:
bq.  > /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h, line 133
bq.  > <https://reviews.apache.org/r/2988/diff/1/?file=61523#file61523line133>
bq.  >
bq.  >     Does isDefaultRealm get initialised anywhere?

It should be initialized in the ctor, will do that.


- Alan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2988/#review3627
-----------------------------------------------------------


On 2011-12-01 21:09:19, Alan Conway wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2988/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2011-12-01 21:09:19)
bq.  
bq.  
bq.  Review request for qpid, Gordon Sim and Ted Ross.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  QPID-3652: Fix cluster authentication.
bq.  
bq.  Only allow brokers that authenticate as the cluster-username to join a cluster.
bq.  
bq.  New broker first connects to  a cluster broker authenticates as the cluster-username
bq.  and sends its CPG member ID to the qpid.cluster-credentials exchange.
bq.  The cluster broker that subsequently acts as updater verifies that the credentials are
bq.  valid before connecting to give the update.
bq.  
bq.  NOTE: If you are using an ACL, the cluster-username must be allowed to
bq.  publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:
bq.  
bq.  acl allow foo@QPID publish exchange name=qpid.cluster-credentials
bq.  
bq.  
bq.  This addresses bug QPID-3652.
bq.      https://issues.apache.org/jira/browse/QPID-3652
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    /trunk/qpid/cpp/rubygen/amqpgen.rb 1209052 
bq.    /trunk/qpid/cpp/src/Makefile.am 1209052 
bq.    /trunk/qpid/cpp/src/cluster.mk 1209052 
bq.    /trunk/qpid/cpp/src/qpid/UrlArray.h PRE-CREATION 
bq.    /trunk/qpid/cpp/src/qpid/UrlArray.cpp PRE-CREATION 
bq.    /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h 1209052 
bq.    /trunk/qpid/cpp/src/qpid/broker/SemanticState.h 1209052 
bq.    /trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp 1209052 
bq.    /trunk/qpid/cpp/src/qpid/client/FailoverListener.cpp 1209052 
bq.    /trunk/qpid/cpp/src/qpid/cluster/Cluster.h 1209052 
bq.    /trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp 1209052 
bq.    /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.h PRE-CREATION 
bq.    /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.cpp PRE-CREATION 
bq.    /trunk/qpid/cpp/src/qpid/cluster/FailoverExchange.cpp 1209052 
bq.    /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.h 1209052 
bq.    /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.cpp 1209052 
bq.    /trunk/qpid/cpp/src/tests/InitialStatusMap.cpp 1209052 
bq.    /trunk/qpid/cpp/src/tests/brokertest.py 1209052 
bq.    /trunk/qpid/cpp/src/tests/cluster_authentication_soak.cpp 1209052 
bq.    /trunk/qpid/cpp/src/tests/cluster_tests.py 1209052 
bq.    /trunk/qpid/cpp/xml/cluster.xml 1209052 
bq.  
bq.  Diff: https://reviews.apache.org/r/2988/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  3 new tests in cluster_tests.py, tested by hand with ANONYMOUS, PLAIN and DIGEST-MD5
mechanisms.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Alan
bq.  
bq.


                
> Cluster authentication ignores cluster-* settings
> -------------------------------------------------
>
>                 Key: QPID-3652
>                 URL: https://issues.apache.org/jira/browse/QPID-3652
>             Project: Qpid
>          Issue Type: Bug
>    Affects Versions: 0.12
>            Reporter: Alan Conway
>            Assignee: Alan Conway
>
> Authentication of qpid nodes within a cluster does not follow parameters
> cluster-mechanism, cluster-username and cluster-password in many cases.
> For more details: https://bugzilla.redhat.com/show_bug.cgi?id=730017

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message