Is a blank SASL password valid with PLAIN?

Brian Bouterse bbouters at redhat.com
Wed Jul 29 14:51:14 EDT 2015


I've been doing some development on Kombu [0] which uses SASL to
authenticate against a Qpid message bus. In one specific case, when
Kombu makes a Qpid client connection it calls
establish(username='guest', password=''). establish() is part of the
Qpid client library [1]. In Python, '' is an empty string, which is
different than None, the reserved keyword for empty (null).

At some point as establish calls into qpid.messaging ->
python-saslwrapper -> cyrus-sasl-lib/plain we are being prompted for a
password even though we specify password=''. Is password='' an invalid
value in the SASL PLAIN protocol, or is this just a bug in these
libraries that should be fixed?

We are running these sasl libraries:

cyrus-sasl-2.1.26-17.el7.x86_64
cyrus-sasl-md5-2.1.26-17.el7.x86_64
saslwrapper-0.22-5.el7sat.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-lib-2.1.26-17.el7.x86_64
python-saslwrapper-0.22-5.el7sat.x86_64

I can provide more info if that is helpful. I know this is a silly
thing to use SASL with an empty password but users are doing it and it
halts the process while waiting for input from a daemon process.
Thanks in advance.

[0]: http://kombu.readthedocs.org/en/latest/
[1]: https://qpid.apache.org/releases/qpid-0.26/messaging-api/python/api/index.html

-Brian

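For reference, the message framing that RFC 4616 defines for the PLAIN mechanism, as an added example that is not part of the original post and is not code from Kombu, Qpid, saslwrapper or Cyrus SASL. The RFC's grammar gives passwd as 1*SAFE, so a zero-length password does not match it. The function names are hypothetical, and SAFE is approximated here as "no NUL octet" with no SASLprep step.

```python
# Added example: SASL PLAIN client message framing per RFC 4616, section 2.
# ABNF: message = [authzid] UTF8NUL authcid UTF8NUL passwd
#       authzid, authcid, passwd = 1*SAFE, each at most 255 octets
# Assumption: SAFE is checked only as "no NUL octet"; SASLprep is not applied.
MAX_OCTETS = 255

class PlainError(ValueError):
    """Raised when a value does not fit the RFC 4616 grammar."""

def _check(name, value, allow_empty=False):
    raw = value.encode("utf-8")
    if b"\x00" in raw:
        raise PlainError(f"{name} contains NUL")
    if len(raw) > MAX_OCTETS:
        raise PlainError(f"{name} longer than {MAX_OCTETS} octets")
    if not raw and not allow_empty:
        raise PlainError(f"{name} is empty; grammar requires 1*SAFE")
    return raw

def encode_plain(authcid, passwd, authzid=""):
    """Build the client message; an omitted authzid is sent as zero octets."""
    if passwd is None:
        raise PlainError("passwd not supplied (None), which is distinct from ''")
    return b"\x00".join([
        _check("authzid", authzid, allow_empty=True),
        _check("authcid", authcid),
        _check("passwd", passwd),
    ])

def decode_plain(message):
    """Split a client message into (authzid, authcid, passwd) and validate it."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise PlainError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    _check("authzid", authzid, allow_empty=True)
    _check("authcid", authcid)
    _check("passwd", passwd)
    return authzid, authcid, passwd

def wire_form(authcid, passwd):
    """Unvalidated framing: what password='' would look like on the wire."""
    return b"\x00" + authcid.encode("utf-8") + b"\x00" + passwd.encode("utf-8")
```

With username='guest' and password='', `wire_form` yields `b"\x00guest\x00"`, which `decode_plain` rejects because the passwd field is empty.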
