Uploaded image for project: 'AMQ Interconnect'
  1. AMQ Interconnect
  2. ENTMQIC-2409

SASL PLAIN authentication does not work when using systemd

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 1.6.0.GA
    • 1.7.0.GA
    • Documentation
    • None
    • Workaround Exists
    • -

    Description

      Here [1] we say to run the following command as root, in order to generate a SASL database to store credentials:

      sudo saslpasswd2 -c -f SASL_DATABASE_NAME.sasldb -u DOMAIN_NAME USER_NAME
      

      The problem is that file permission on the generated sasldb are wrong:

      bash-4.2$ ls -l /var/lib/qdrouterd
      total 12
      -rw-r-----. 1 root root 12288 Jan  2 16:18 qdrouterd.sasldb
      

      If you now start the router with `systemctl start qdrouterd`, authentication does not work. This is also the case when starting the router daemon directly with any other user than root using the command `qdrouterd -c qdrouterd.conf`.

      This is the error you get when trying to connect with your client:

      2019-12-23 13:58:58.717 ERROR 46928 --- [nio-8080-exec-1] org.apache.qpid.jms.JmsConnection        : Failed to connect to remote at: amqp://10.10.205.4:5672
      org.springframework.jms.JmsSecurityException: Client failed to authenticate using SASL: PLAIN; nested exception is org.apache.qpid.jms.exceptions.JMSSecuritySaslException: Client failed to authenticate using SASL: PLAIN
      

      To fix this you have to add read permission like this:

      sudo chmod o+r /var/lib/qdrouterd/qdrouterd.sasldb
      

      This last command should be documented as well.

      [1] https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/html-single/using_amq_interconnect/index#cyrus-sasl

      Attachments

        Issue Links

          Activity

            People

              behardesty Ben Hardesty
              rhn-support-fvaleri Federico Valeri
              Nicolas Brignone Nicolas Brignone (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: