qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Bouterse (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-6674) EXTERNAL sasl mech without username gives "no mechanism available" error message
Date Mon, 03 Aug 2015 21:11:04 GMT
Brian Bouterse created QPID-6674:
------------------------------------

             Summary: EXTERNAL sasl mech without username gives "no mechanism available" error
message
                 Key: QPID-6674
                 URL: https://issues.apache.org/jira/browse/QPID-6674
             Project: Qpid
          Issue Type: Bug
          Components: Python Client
    Affects Versions: 0.26
         Environment: cyrus-sasl-scram-2.1.26-14.fc20.x86_64
cyrus-sasl-plain-2.1.26-14.fc20.x86_64
cyrus-sasl-gssapi-2.1.26-14.fc20.x86_64
cyrus-sasl-2.1.26-14.fc20.x86_64
python-saslwrapper-0.16-5.fc20.x86_64
erlang-sasl-R16B-03.10.fc20.x86_64
cyrus-sasl-lib-2.1.26-14.fc20.x86_64
cyrus-sasl-md5-2.1.26-14.fc20.x86_64
cyrus-sasl-devel-2.1.26-14.fc20.x86_64
saslwrapper-0.16-5.fc20.x86_64

qpid-cpp-server-0.26-13.fc20.x86_64
python-qpid-proton-0.7-3.fc20.x86_64
qpid-tools-0.26-13.fc20.noarch
qpid-cpp-client-0.26-13.fc20.x86_64
qpid-cpp-server-store-0.26-13.fc20.x86_64
qpid-proton-c-0.7-3.fc20.x86_64
python-qpid-qmf-0.26-2.fc20.x86_64
python-qpid-0.26-2.fc20.noarch
qpid-qmf-0.26-2.fc20.x86_64
python-qpid-common-0.26-2.fc20.noarch
            Reporter: Brian Bouterse


I tried to use qpid.messaging with EXTERNAL. I was not specifying a username and I received
an error message that makes no sense: "no mechanism available"

I have the following line in sasl2/qpidd.conf:
mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN

The contents of qpidd.conf are:
auth=yes
require-encryption=yes
ssl-require-client-authentication=yes
ssl-cert-db=/etc/pki/pulp/qpid/nss
ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password
ssl-cert-name=broker
ssl-port=5671


If I use ANONYMOUS or PLAIN it works for me, but when I use EXTERNAL I get the strange message.
Here is my reproducer script:

from qpid.messaging.endpoints import Connection

opts = {'ssl_certfile': '/etc/pki/pulp/qpid/client.crt', 'ssl_trustfile': '/etc/pki/pulp/qpid/ca.crt',
'ssl_skip_hostname_check': False, 'sasl_mechanisms': 'EXTERNAL', 'host': 'dhcp129-138.rdu.redhat.com',
'timeout': 4, 'ssl_keyfile': '/etc/pki/pulp/qpid/client.crt', 'port': 5671, 'transport': 'ssl'}

print 'no username'
try:
    Connection.establish(**opts)
except Exception as err:
    print err

print 'wrong username'
opts['username'] = 'wrongusername'
try:
    Connection.establish(**opts)
except Exception as err:
    print err

print 'right username'
opts['username'] = 'client'
try:
    Connection.establish(**opts)
except Exception as err:
    print err
else:
    print 'no error'



When I run that I get this output:

no username
Error in sasl_client_start (-4) SASL(-4): no mechanism available: 
wrong username
connection-forced: Authentication failed(320)
right username
no error

I expected that if a username is required that I would be told that from the error message.
If not all cases require a username then I expect not including a username would give me a
"Authentication failed(320)" also



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message