Project

Profile

Help

Issue #3335

closed

pulp fails to use SASL methods other than PLAIN

Added by balonik about 6 years ago. Updated almost 5 years ago.

Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
RHEL 7
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Hi,
I am using DIGEST-MD5 method to authenticate to our QPID.
I have noticed that Pulp Celery workers are able to connect using Anonymous or PLAIN mechanism if I don't set "login_method" in server.conf.
After setting the "login_method" to DIGEST-MD5 lots of auth failed messages appeared in logs.

I found the reason for this is code in "/usr/lib/python2.7/site-packages/kombu/transport/qpid.py"
where you either set PLAIN or ANONYMOUS mechanism if "login_method" is not defined and only set username for any other method if "login_method" is specified in conf file.

This way the authentication also breaks if I set "login_method" to PLAIN.

The quick solution for this is to update the code to process username/password even if "login_method" is specified in server.conf
The simplest fix is to add "credentials['password'] = conninfo.password" after line 1592, but you might want to have something more smart.

Thanks.

Also available in: Atom PDF