Uploaded image for project: 'AMQ Interconnect'
  1. AMQ Interconnect
  2. ENTMQIC-2409

SASL PLAIN authentication does not work when using systemd


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.7.0.GA
    • 1.6.0.GA
    • Documentation
    • None
    • -
    • Workaround Exists

      Here [1] we say to run the following command as root, in order to generate a SASL database to store credentials:

      sudo saslpasswd2 -c -f SASL_DATABASE_NAME.sasldb -u DOMAIN_NAME USER_NAME

      The problem is that file permission on the generated sasldb are wrong:

      bash-4.2$ ls -l /var/lib/qdrouterd
      total 12
      -rw-r-----. 1 root root 12288 Jan  2 16:18 qdrouterd.sasldb

      If you now start the router with `systemctl start qdrouterd`, authentication does not work. This is also the case when starting the router daemon directly with any other user than root using the command `qdrouterd -c qdrouterd.conf`.

      This is the error you get when trying to connect with your client:

      2019-12-23 13:58:58.717 ERROR 46928 --- [nio-8080-exec-1] org.apache.qpid.jms.JmsConnection        : Failed to connect to remote at: amqp://
      org.springframework.jms.JmsSecurityException: Client failed to authenticate using SASL: PLAIN; nested exception is org.apache.qpid.jms.exceptions.JMSSecuritySaslException: Client failed to authenticate using SASL: PLAIN

      To fix this you have to add read permission like this:

      sudo chmod o+r /var/lib/qdrouterd/qdrouterd.sasldb

      This last command should be documented as well.

      [1] https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/html-single/using_amq_interconnect/index#cyrus-sasl

            behardesty Ben Hardesty
            rhn-support-fvaleri Federico Valeri
            Nicolas Brignone Nicolas Brignone (Inactive)
            0 Vote for this issue
            5 Start watching this issue
