  1. AMQ Interconnect
  2. ENTMQIC-2409

SASL PLAIN authentication does not work when using systemd


Details

    • Bug
    • Resolution: Done
    • Major
    • 1.7.0.GA
    • 1.6.0.GA
    • Documentation
    • None
    • -
    • Workaround Exists

    Description

      Here [1] we say to run the following command as root, in order to generate a SASL database to store credentials:

      sudo saslpasswd2 -c -f SASL_DATABASE_NAME.sasldb -u DOMAIN_NAME USER_NAME
      

      The problem is that the file permissions on the generated sasldb are wrong:

      bash-4.2$ ls -l /var/lib/qdrouterd
      total 12
      -rw-r-----. 1 root root 12288 Jan  2 16:18 qdrouterd.sasldb
      

      If you now start the router with `systemctl start qdrouterd`, authentication does not work. This is also the case when starting the router daemon directly as any user other than root using the command `qdrouterd -c qdrouterd.conf`.

      This is the error you get when trying to connect with your client:

      2019-12-23 13:58:58.717 ERROR 46928 --- [nio-8080-exec-1] org.apache.qpid.jms.JmsConnection        : Failed to connect to remote at: amqp://10.10.205.4:5672
      org.springframework.jms.JmsSecurityException: Client failed to authenticate using SASL: PLAIN; nested exception is org.apache.qpid.jms.exceptions.JMSSecuritySaslException: Client failed to authenticate using SASL: PLAIN
      

      To fix this you have to add read permission like this:

      sudo chmod o+r /var/lib/qdrouterd/qdrouterd.sasldb
      

      This last command should be documented as well.

      [1] https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/html-single/using_amq_interconnect/index#cyrus-sasl
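
A check for the failure described above, as an added example that is not part of the original report or of the product documentation: it reports which permission class (owner, group or other) gives a service account read access to the SASL database. The account name `qdrouterd` and the function names are assumptions; the file path is the one shown in the report.

```shell
#!/bin/sh
# Added example: which permission class lets a service account read the sasldb?
# Assumption: the router's systemd unit runs as an account named "qdrouterd".
# root is not modelled here: it bypasses these checks, which is why the
# router can authenticate clients only when started as root.

# has_read DIGIT: succeeds if the octal permission digit includes read (4).
has_read() {
    case $1 in 4|5|6|7) return 0 ;; *) return 1 ;; esac
}

# classify_access MODE OWNER GROUP USER "USER_GROUPS"
# MODE is octal as printed by `stat -c %a` (no leading zero).
# Prints owner, group, other or none. Like the kernel, only the first
# class that matches the user is consulted.
classify_access() {
    mode=$(printf '%03d' "$1" | tail -c 3)   # drop a setuid/setgid/sticky digit
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${mode#??}
    if [ "$4" = "$2" ]; then
        if has_read "$u"; then echo owner; else echo none; fi
        return 0
    fi
    for grp in $5; do
        if [ "$grp" = "$3" ]; then
            if has_read "$g"; then echo group; else echo none; fi
            return 0
        fi
    done
    if has_read "$o"; then echo other; else echo none; fi
}

# check_sasldb FILE USER: read the real metadata (GNU stat) and classify it.
check_sasldb() {
    classify_access "$(stat -c %a "$1")" "$(stat -c %U "$1")" \
        "$(stat -c %G "$1")" "$2" "$(id -Gn "$2")"
}

# Usage: check_sasldb /var/lib/qdrouterd/qdrouterd.sasldb qdrouterd
```

For the listing in the report (`-rw-r-----` root root) the result is `none`; after `chmod o+r` it is `other`, which means every local account can read the credential database. Giving the service account's group ownership of the file instead yields `group` with the mode left at 640.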

            People

              behardesty Ben Hardesty
              rhn-support-fvaleri Federico Valeri
              Nicolas Brignone Nicolas Brignone (Inactive)