On Tue, 2016-09-13 at 16:33 -0700, Justin Ross wrote: > Some potentially interesting things. > > ## Components > > python-qpid-proton-0.13.1-1.fc24.x86_64 > python-qpid-messaging-0.34-9.fc24.x86_64 (qpid*_*messaging) > qpid-dispatch-router-0.6.1-2.fc24.x86_64 > > ## Listener config > > listener { > host: 0.0.0.0 > port: amqp > authenticatePeer: on > saslMechanisms: ANONYMOUS > } > > ## host: 0.0.0.0 allows connection via localhost from qpid_messaging > but > not from proton > > My qpid_messaging client can connect, using localhost in its > connection > info, but my proton client cannot (connection refused). Using '::' > instead > of '0.0.0.0' allows either to connect. Perhaps the way proton > resolves > localhost is different.
0.0.0.0 is an IPv4 address :: is the IPv6 equivalent. Usually localhost will map to both of these addresses, and the usual system defaults will try the IPv6 address first. So if the client code doesn't correctly try all the resolved IP addresses in order then you'll get this behaviour. I know that qpid.messaging does this correctly. > ## "authenticatePeer: on" strips ANONYMOUS What do you mean "strips" ANONYMOUS? Do you mean the mechanism isn't offered? The mechanism isn't in the allowable client list? At the proton API level authenticatePeer means that we require connections to be authenticated before using them. This can either by via SASL or via SSL. So I wouldn't expect that setting to take ANONYMOUS out of the offered mechanisms, but I'm not 100% about the behaviour of Cyrus under all circumstances. > > This was a surprise to me. I had explicitly enabled ANONYMOUS. And > I > confess I was mentally reading 'authenticatePeer' to mean enable > SASL. > Which component is stripping it, proton or dispatch or cyrus? Should > it be > stripped when I positively express a desire for it? I'm not sure that forcing the ANONYMOUS mechanism together with authentication isn't contradictory - ANONYMOUS is explicitly unauthenticated (it's anonymous after all!). > If we keep this > behavior, we should add a note about it to the qdrouterd.conf man > page. Undoubtedly! Andrew --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org