  1. Qpid
  2. QPID-6674

EXTERNAL sasl mech without username gives "no mechanism available" error message

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.26
    • Fix Version/s: None
    • Component/s: Python Client
    • Labels:
      None
    • Environment:

      Description

      I tried to use qpid.messaging with EXTERNAL. I was not specifying a username and I received an error message that makes no sense: "no mechanism available".

      I have the following line in sasl2/qpidd.conf:
      mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN

      The contents of qpidd.conf are:
      auth=yes
      require-encryption=yes
      ssl-require-client-authentication=yes
      ssl-cert-db=/etc/pki/pulp/qpid/nss
      ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password
      ssl-cert-name=broker
      ssl-port=5671

      If I use ANONYMOUS or PLAIN it works for me, but when I use EXTERNAL I get the strange message. Here is my reproducer script:

      from qpid.messaging.endpoints import Connection

      opts = {
          'ssl_certfile': '/etc/pki/pulp/qpid/client.crt',
          'ssl_trustfile': '/etc/pki/pulp/qpid/ca.crt',
          'ssl_skip_hostname_check': False,
          'sasl_mechanisms': 'EXTERNAL',
          'host': 'dhcp129-138.rdu.redhat.com',
          'timeout': 4,
          'ssl_keyfile': '/etc/pki/pulp/qpid/client.crt',
          'port': 5671,
          'transport': 'ssl',
      }

      print 'no username'
      try:
          Connection.establish(**opts)
      except Exception as err:
          print err

      print 'wrong username'
      opts['username'] = 'wrongusername'
      try:
          Connection.establish(**opts)
      except Exception as err:
          print err

      print 'right username'
      opts['username'] = 'client'
      try:
          Connection.establish(**opts)
      except Exception as err:
          print err
      else:
          print 'no error'

      When I run that I get this output:

      no username
      Error in sasl_client_start (-4) SASL(-4): no mechanism available:
      wrong username
      connection-forced: Authentication failed(320)
      right username
      no error

      I expected that if a username is required, I would be told that from the error message. If not all cases require a username, then I expect not including a username would give me an "Authentication failed(320)" also.

            People

            • Assignee:
              Unassigned
              Reporter:
              bmbouter Brian Bouterse