qpid-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-224) Tools fail with no useful error in some SASL configurations
Date Tue, 04 Oct 2016 17:34:21 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15546075#comment-15546075 ]

ASF subversion and git services commented on DISPATCH-224:
----------------------------------------------------------

Commit 86ba3becc82417cfdbf3f83bd8f6750ead63b7ec in qpid-dispatch's branch refs/heads/0.7.x
from [~tross@redhat.com]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=86ba3be ]

DISPATCH-224 - Restrict the SASL mechanisms to ANONYMOUS when authenticatePeer is off.  This
is a workaround for an apparent Proton bug.


> Tools fail with no useful error in some SASL configurations
> -----------------------------------------------------------
>
>                 Key: DISPATCH-224
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-224
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 0.5
>            Reporter: Alan Conway
>            Assignee: Ted Ross
>            Priority: Critical
>             Fix For: 0.7.0
>
>
> (Downgraded to a doc issue, but still a serious one. See [#comment-15323200])
> A simple test of a default install of dispatch in /usr/local does not work:
> {code}
> $ make install
> $ qdrouterd&
> $ qdstat -g
> ConnectionException: Connection amqp://0.0.0.0:amqp/$management disconnected
> {code}
> The exception gives no hint why we were disconnected, and the router log file has no entries at all regarding the disconnection. The actual cause is a SASL rejection due to invalid configuration. There are several issues that need fixing:
> - The router log should show an error if SASL can't find/parse its config file.
> - The router log should show an error if a connection is rejected for security reasons.
> - The client exception should indicate that the disconnect was caused by a security problem.
> - The router should look for SASL configuration under its install prefix since that is where it is installed.
> - The default router configuration needs to be updated to either be functional or clearly NON functional.
> Question is what should the default configuration allow? IMO it should at least allow you to use the tools shipped with qdrouterd to verify that it is running and working.
> The alternative is don't ship a default config at all. In that case the router should fail to start at all with a clear message "you must configure me first, see $prefix/share/doc/qdrouter/config-examples." We can provide a sample "qdrouterd-insecure.conf" to get developers started quickly without forcing them to learn SASL first. We can add other example configs for different scenarios as we go.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
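
A check for the configuration state the commit above works around, as an added example that is not part of the original message or the qpid-dispatch code base: it scans a qdrouterd.conf-style file for listeners that have authenticatePeer off but do not pin their SASL mechanisms to ANONYMOUS. The `saslMechanisms` attribute name, the treatment of an omitted `authenticatePeer` as off, and the sample configuration are assumptions.

```python
import re

# Constructed sample in qdrouterd.conf style; not taken from the issue.
SAMPLE_CONF = """\
router {
    mode: standalone
}
listener {
    host: 0.0.0.0
    port: amqp
    authenticatePeer: no
}
listener {
    port: 5671
    authenticatePeer: yes
    saslMechanisms: PLAIN
}
listener {
    port: 5673
    authenticatePeer: no
    saslMechanisms: ANONYMOUS
}
"""

SECTION = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*([\w-]+)\s*:\s*(.*?)\s*$", re.M)
FALSY = {"no", "false", "0", "off"}

def parse_sections(text):
    """Return [(section_name, {attribute: value})] with '#' comments removed."""
    text = re.sub(r"#.*", "", text)
    return [(name, dict(ATTR.findall(body))) for name, body in SECTION.findall(text)]

def risky_listeners(text):
    """Listeners with peer authentication off and mechanisms not exactly ANONYMOUS."""
    findings = []
    for name, attrs in parse_sections(text):
        if name != "listener":
            continue
        # Assumption: an omitted authenticatePeer is treated as off.
        auth_off = attrs.get("authenticatePeer", "no").lower() in FALSY
        # Assumption: saslMechanisms holds a space-separated mechanism list.
        mechs = attrs.get("saslMechanisms", "").split()
        if auth_off and mechs != ["ANONYMOUS"]:
            findings.append((attrs.get("port", "?"), mechs or ["<unset>"]))
    return findings

if __name__ == "__main__":
    for port, mechs in risky_listeners(SAMPLE_CONF):
        print(f"listener port {port}: authenticatePeer off, mechanisms {mechs}")
```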

