Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 597066 - Python Connection object uses "guest" as the default username, breaks single-sign-on
Summary: Python Connection object uses "guest" as the default username, breaks single-...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: python-qpid
Version: Development
Hardware: All
OS: Linux
high
medium
Target Milestone: 1.3
: ---
Assignee: Gordon Sim
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-28 03:49 UTC by Ted Ross
Modified: 2012-12-11 19:02 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-11 19:02:48 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Ted Ross 2010-05-28 03:49:59 UTC
Description of problem:

When using GSSAPI/Kerberos as an auth mechanism from the (new) Python API, the Connection object uses the username "guest" as a default.  The application must explicitly set username to None to get Kerberos/Single-sign-on to work (because with SSO, the application doesn't even know the identity of the user, it was set earlier using kinit).

The username should default to None if not supplied.

Comment 1 Gordon Sim 2010-06-01 09:39:16 UTC
Fixed on trunk (r949971) and release branch (http://mrg1.lab.bos.redhat.com/git/?p=qpid.git;a=commitdiff;h=7f006841387b54cb0165cfa6d1423cd3fae06ce2).

To test:

1) configure broker for kerberos support
2) kinit
3) run drain/spout example using a broker address that does not contain a username (broker address used should match that of the service principal, i.e. usually a fully qualified domain name)

This should work by taking the username used in step 2. Without the fix that username has to be explicitly in the broker address (e.g. -b gordon/dummy@mrg15.lab.bos.redhat.com).


Note You need to log in before you can comment on or make changes to this bug.