Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-224

Tools fail with no useful error in some SASL configurations



    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 0.5
    • 0.7.0
    • Documentation
    • None


      (Downgraded to a doc issue, but still a serious one. See comment-15323200)

      A simple test of a default install of dispatch in /usr/local does not work:

      $ make install
      $ qdrouterd&
      $ qdstat -g
      ConnectionException: Connection amqp://$management disconnected

      The exception gives no hint why we were disconnected, and the router log file has no entries at all regarding the disconnection. The actual cause is a SASL rejection due to invalid configuration. There are several issues that need fixing:

      • The router log should show an error if SASL cant find/parse its config file.
      • The router log should show an error if a connection is rejected for security reasons.
      • The client exception should indicate that the disconnect was caused by a security problem.
      • The router should look for SASL configuration under its install prefix since that is where it is installed.
      • The default router configuration needs to be updated to either be functional or clearly NON functional.

      Question is is what should the default configuration allow? IMO it should at least allow you to use the tools shipped with qdrouterd to verify that it is running and working.

      The alternative is don't ship a default config at all. In that case the router should fail to start at all with a clear message "you must configure me first, see $prefix/share/doc/qdrouter/config-examples." We can provide a sample "qdrouterd-insecure.conf" to get developers started quickly without forcing them to learn SASL first. We can add other example configs for different scenarios as we go.


        Issue Links



              tross Ted Ross
              aconway Alan Conway
              0 Vote for this issue
              4 Start watching this issue