Hi Gordon, right on all counts, thanks! > Can the qpidd process read the database? E.g. does running qpidd as root > (just temporarily) resolve the issue?
yes. > Ok, I think what you need to do is put the CN from your certificate as > the username in the url. > EXTERNAL is being selected (in fact no other mechanism is being > offered), but the client is requesting an identity that doesn't match > the certificate it has been authenticated with. yes; works. My C++ client doesn't work yet (the tools eg qpid-config do) but I haven't looked into my client too much since it looks like if SSL is enabled, SASL doesn't add anything anyway. Thanks very much! Jeff ________________________________________ From: Gordon Sim [[email protected]] Sent: Monday, August 15, 2016 1:45 AM To: [email protected] Subject: Re: Is it normal to have to turn SASL off to get qpid-config and qpid-stat to work with SSL? On 13/08/16 03:35, Jeff Donner wrote: > ##################################################### > # Without SSL: [...] > -- something's wrong with my SASL setup I feel sure, it's just whiffing at > authenticating. I moved the sasldb from its original, qpid-specific location > to the system's db (reflected in all cases above), but that made no > difference. If you have a domain associated with a username (jgd), you need > to specify it for administrative actions which the qpid-config tool URL > doesn't give you a way to do, but it looks like qpid-config is filling in the > right value (QPID) anyway. Can the qpidd process read the database? E.g. does running qpidd as root (just temporarily) resolve the issue? > I tried making the username be: jgd@QPID and jgd/QPID to compensate for the > lack of domain, but, those failed too: It shouldn't need that. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
