Brian Bouterse created QPID-6674: ------------------------------------ Summary: EXTERNAL sasl mech without username gives "no mechanism available" error message Key: QPID-6674 URL: https://issues.apache.org/jira/browse/QPID-6674 Project: Qpid Issue Type: Bug Components: Python Client Affects Versions: 0.26 Environment: cyrus-sasl-scram-2.1.26-14.fc20.x86_64 cyrus-sasl-plain-2.1.26-14.fc20.x86_64 cyrus-sasl-gssapi-2.1.26-14.fc20.x86_64 cyrus-sasl-2.1.26-14.fc20.x86_64 python-saslwrapper-0.16-5.fc20.x86_64 erlang-sasl-R16B-03.10.fc20.x86_64 cyrus-sasl-lib-2.1.26-14.fc20.x86_64 cyrus-sasl-md5-2.1.26-14.fc20.x86_64 cyrus-sasl-devel-2.1.26-14.fc20.x86_64 saslwrapper-0.16-5.fc20.x86_64
qpid-cpp-server-0.26-13.fc20.x86_64 python-qpid-proton-0.7-3.fc20.x86_64 qpid-tools-0.26-13.fc20.noarch qpid-cpp-client-0.26-13.fc20.x86_64 qpid-cpp-server-store-0.26-13.fc20.x86_64 qpid-proton-c-0.7-3.fc20.x86_64 python-qpid-qmf-0.26-2.fc20.x86_64 python-qpid-0.26-2.fc20.noarch qpid-qmf-0.26-2.fc20.x86_64 python-qpid-common-0.26-2.fc20.noarch Reporter: Brian Bouterse I tried to use qpid.messaging with EXTERNAL. I was not specifying a username and I received an error message that makes no sense: "no mechanism available" I have the following line in sasl2/qpidd.conf: mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN The contents of qpidd.conf are: auth=yes require-encryption=yes ssl-require-client-authentication=yes ssl-cert-db=/etc/pki/pulp/qpid/nss ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password ssl-cert-name=broker ssl-port=5671 If I use ANONYMOUS or PLAIN it works for me, but when I use EXTERNAL I get the strange message. Here is my reproducer script: from qpid.messaging.endpoints import Connection opts = {'ssl_certfile': '/etc/pki/pulp/qpid/client.crt', 'ssl_trustfile': '/etc/pki/pulp/qpid/ca.crt', 'ssl_skip_hostname_check': False, 'sasl_mechanisms': 'EXTERNAL', 'host': 'dhcp129-138.rdu.redhat.com', 'timeout': 4, 'ssl_keyfile': '/etc/pki/pulp/qpid/client.crt', 'port': 5671, 'transport': 'ssl'} print 'no username' try: Connection.establish(**opts) except Exception as err: print err print 'wrong username' opts['username'] = 'wrongusername' try: Connection.establish(**opts) except Exception as err: print err print 'right username' opts['username'] = 'client' try: Connection.establish(**opts) except Exception as err: print err else: print 'no error' When I run that I get this output: no username Error in sasl_client_start (-4) SASL(-4): no mechanism available: wrong username connection-forced: Authentication failed(320) right username no error I expected that if a username is required that I would be told that from the error message. If not all cases require a username then I expect not including a username would give me a "Authentication failed(320)" also -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org