[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866586#action_12866586 ] Rajith Attapattu commented on QPID-2600: "However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a domain. " should be changed as However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a realm. > ACL policy doesn't permit certain characters in usernames added to groups > - > > Key: QPID-2600 > URL: https://issues.apache.org/jira/browse/QPID-2600 > Project: Qpid > Issue Type: Bug > Components: C++ Broker >Affects Versions: 0.6 >Reporter: Rajith Attapattu >Assignee: Rajith Attapattu >Priority: Minor > Fix For: 0.7 > > > Description of problem: > Unable to add a host principle to a group, the acl policy file fails to load > and prevents qpidd from running. > I guess this is partly due to us not figuring out what is exactly allowed for > group and usernames. > How reproducible: > Fails every time. > Steps to Reproduce: > 1. Add a host or service principle to a group in the acl file. Something like > this will suffice: > group somegroup host/somemachine.example@example.com > Actual results: > Failure to start. Error message is: > Daemon startup failed: Could not read ACL file ACL format error: > /etc/qpid/policy.acl:25: Name "host/somemachine.example@example.com" > contains illegal characters. > Expected results: > Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org
[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866580#action_12866580 ] Rajith Attapattu commented on QPID-2600: Thx good catch ! "user = userna...@domain[/realm]]" should be changed to user = [ / [ @ ] ] However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a domain. I know the Java broker doesn't, as it doesn't support GSSAPI etc.. I could probably default to the default-broker-realm if nothing is specified, rather than flag it as an error. The website documentation needs a bit of work for sure :) We are moving the ACL documentation from the wiki to the new doc book format kept in svn. So going forward we can keep them in sync a bit more easily. > ACL policy doesn't permit certain characters in usernames added to groups > - > > Key: QPID-2600 > URL: https://issues.apache.org/jira/browse/QPID-2600 > Project: Qpid > Issue Type: Bug > Components: C++ Broker >Affects Versions: 0.6 >Reporter: Rajith Attapattu >Assignee: Rajith Attapattu >Priority: Minor > Fix For: 0.7 > > > Description of problem: > Unable to add a host principle to a group, the acl policy file fails to load > and prevents qpidd from running. > I guess this is partly due to us not figuring out what is exactly allowed for > group and usernames. > How reproducible: > Fails every time. > Steps to Reproduce: > 1. Add a host or service principle to a group in the acl file. Something like > this will suffice: > group somegroup host/somemachine.example@example.com > Actual results: > Failure to start. Error message is: > Daemon startup failed: Could not read ACL file ACL format error: > /etc/qpid/policy.acl:25: Name "host/somemachine.example@example.com" > contains illegal characters. > Expected results: > Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org
[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866556#action_12866556 ] Andrew Kennedy commented on QPID-2600: -- I have also based the Java group entity parsing on the C++ parser and the website documentation. Should this be changed, with the @ and / swapped, to: [ / [ @ ] ] > ACL policy doesn't permit certain characters in usernames added to groups > - > > Key: QPID-2600 > URL: https://issues.apache.org/jira/browse/QPID-2600 > Project: Qpid > Issue Type: Bug > Components: C++ Broker >Affects Versions: 0.6 >Reporter: Rajith Attapattu >Assignee: Rajith Attapattu >Priority: Minor > Fix For: 0.7 > > > Description of problem: > Unable to add a host principle to a group, the acl policy file fails to load > and prevents qpidd from running. > I guess this is partly due to us not figuring out what is exactly allowed for > group and usernames. > How reproducible: > Fails every time. > Steps to Reproduce: > 1. Add a host or service principle to a group in the acl file. Something like > this will suffice: > group somegroup host/somemachine.example@example.com > Actual results: > Failure to start. Error message is: > Daemon startup failed: Could not read ACL file ACL format error: > /etc/qpid/policy.acl:25: Name "host/somemachine.example@example.com" > contains illegal characters. > Expected results: > Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org