[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12866556#action_12866556 ] Andrew Kennedy commented on QPID-2600: -- I have also based the Java group entity parsing on the C++ parser and the website documentation. Should this be changed, with the @ and / swapped, to: name [ /domain [ @realm ] ] ACL policy doesn't permit certain characters in usernames added to groups - Key: QPID-2600 URL: https://issues.apache.org/jira/browse/QPID-2600 Project: Qpid Issue Type: Bug Components: C++ Broker Affects Versions: 0.6 Reporter: Rajith Attapattu Assignee: Rajith Attapattu Priority: Minor Fix For: 0.7 Description of problem: Unable to add a host principle to a group, the acl policy file fails to load and prevents qpidd from running. I guess this is partly due to us not figuring out what is exactly allowed for group and usernames. How reproducible: Fails every time. Steps to Reproduce: 1. Add a host or service principle to a group in the acl file. Something like this will suffice: group somegroup host/somemachine.example@example.com Actual results: Failure to start. Error message is: Daemon startup failed: Could not read ACL file ACL format error: /etc/qpid/policy.acl:25: Name host/somemachine.example@example.com contains illegal characters. Expected results: Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org
[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12866580#action_12866580 ] Rajith Attapattu commented on QPID-2600: Thx good catch ! user = userna...@domain[/realm]] should be changed to user = name [ /domain [ @realm ] ] However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a domain. I know the Java broker doesn't, as it doesn't support GSSAPI etc.. I could probably default to the default-broker-realm if nothing is specified, rather than flag it as an error. The website documentation needs a bit of work for sure :) We are moving the ACL documentation from the wiki to the new doc book format kept in svn. So going forward we can keep them in sync a bit more easily. ACL policy doesn't permit certain characters in usernames added to groups - Key: QPID-2600 URL: https://issues.apache.org/jira/browse/QPID-2600 Project: Qpid Issue Type: Bug Components: C++ Broker Affects Versions: 0.6 Reporter: Rajith Attapattu Assignee: Rajith Attapattu Priority: Minor Fix For: 0.7 Description of problem: Unable to add a host principle to a group, the acl policy file fails to load and prevents qpidd from running. I guess this is partly due to us not figuring out what is exactly allowed for group and usernames. How reproducible: Fails every time. Steps to Reproduce: 1. Add a host or service principle to a group in the acl file. Something like this will suffice: group somegroup host/somemachine.example@example.com Actual results: Failure to start. Error message is: Daemon startup failed: Could not read ACL file ACL format error: /etc/qpid/policy.acl:25: Name host/somemachine.example@example.com contains illegal characters. Expected results: Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org
[jira] Commented: (QPID-2600) ACL policy doesn't permit certain characters in usernames added to groups
[ https://issues.apache.org/jira/browse/QPID-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12866586#action_12866586 ] Rajith Attapattu commented on QPID-2600: However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a domain. should be changed as However currently the c++ broker doesn't treat the '@' as optional as we do have the concept of a realm. ACL policy doesn't permit certain characters in usernames added to groups - Key: QPID-2600 URL: https://issues.apache.org/jira/browse/QPID-2600 Project: Qpid Issue Type: Bug Components: C++ Broker Affects Versions: 0.6 Reporter: Rajith Attapattu Assignee: Rajith Attapattu Priority: Minor Fix For: 0.7 Description of problem: Unable to add a host principle to a group, the acl policy file fails to load and prevents qpidd from running. I guess this is partly due to us not figuring out what is exactly allowed for group and usernames. How reproducible: Fails every time. Steps to Reproduce: 1. Add a host or service principle to a group in the acl file. Something like this will suffice: group somegroup host/somemachine.example@example.com Actual results: Failure to start. Error message is: Daemon startup failed: Could not read ACL file ACL format error: /etc/qpid/policy.acl:25: Name host/somemachine.example@example.com contains illegal characters. Expected results: Should load and parse the group cleanly. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org