Details
-
Bug
-
Resolution: Obsolete
-
Critical
-
7.0.0
-
None
-
None
Description
Start with a clean instance of Fuse MQ, create an ensemble and create one or many child containers:
FuseMQ:karaf@root> ensemble-create root FuseMQ:karaf@root> ensemble-list [id] root FuseMQ:karaf@root> container-list [id] [version] [alive] [profiles] [provision status] root 1.0 true fabric, fabric-ensemble-0000-1 FuseMQ:karaf@root> container-create-child root child 3 The following containers have been created successfully: child1 child2 child3 FuseMQ:karaf@root> container-list [id] [version] [alive] [profiles] [provision status] root 1.0 true fabric, fabric-ensemble-0000-1 child1 1.0 true default success child2 1.0 true default success child3 1.0 true default success
All containers provisioned successfully. ps aux | grep java shows all 4 containers running happily.
Now try to connect to one of them, e.g. child1. If you are lucky, you will get a "Bad username/password" message (can't remember the exact one now).
Otherwise, the system may hang indefinitely, or you may get a StackOverflowError:
FuseMQ:karaf@root> connect child1 Connecting to host localhost on port 8102 Connected Error executing command: java.lang.StackOverflowError
In the logs you can see that the authentication is failing:
2012-03-23 16:13:49,203 | INFO | NioProcessor-31 | ClientSessionImpl | client.session.ClientSessionImpl 73 | 22 - sshd-core - 0.5.0 | Session created... 2012-03-23 16:13:49,204 | INFO | NioProcessor-31 | ClientSessionImpl | client.session.ClientSessionImpl 385 | 22 - sshd-core - 0.5.0 | Server version string: SSH-2.0-SSHD-CORE-0.5.0 2012-03-23 16:13:49,204 | INFO | NioProcessor-31 | ClientSessionImpl | client.session.ClientSessionImpl 234 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXINIT 2012-03-23 16:13:49,207 | INFO | NioProcessor-31 | DHG1 | shd.client.kex.AbstractDHGClient 78 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_KEXDH_INIT 2012-03-23 16:13:49,211 | INFO | NioProcessor-31 | DHG1 | shd.client.kex.AbstractDHGClient 93 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXDH_REPLY 2012-03-23 16:13:49,216 | INFO | NioProcessor-31 | ClientSessionImpl | d.common.session.AbstractSession 691 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_NEWKEYS 2012-03-23 16:13:49,216 | INFO | NioProcessor-31 | ClientSessionImpl | client.session.ClientSessionImpl 254 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_NEWKEYS 2012-03-23 16:13:49,217 | INFO | NioProcessor-31 | ClientSessionImpl | client.session.ClientSessionImpl 420 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_SERVICE_REQUEST for ssh-userauth 2012-03-23 16:13:49,219 | INFO | l Console Thread | UserAuthPassword | shd.client.auth.UserAuthPassword 40 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_USERAUTH_REQUEST for password 2012-03-23 16:13:49,222 | INFO | NioProcessor-31 | UserAuthPassword | shd.client.auth.UserAuthPassword 52 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_USERAUTH_FAILURE 2012-03-23 16:13:49,227 | INFO | l Console Thread | ClientSessionImpl | d.common.session.AbstractSession 287 | 22 - sshd-core - 0.5.0 | Closing session
No username, passwords, etc. have been changed. All configuration is the default one.
As per the users.properties config file, the credentials should be karaf/karaf. They do not work, not even via direct SSH:
[raul@~/Workbench/fuse-mq-7.0.0.fuse-037/instances/child1/etc$] ssh -p 8102 karaf@localhost
karaf@localhost's password: karaf
Permission denied, please try again.
This does work on Fuse ESB 7 (full package). Trying to spot differences, I see the following JAAS bundles in Fuse ESB:
FuseESB:karaf@root> la | grep -i jaas [ 15] [Active ] [Created ] [ ] [ 28] Apache Karaf :: JAAS :: Config (2.2.5.fuse-7-037) [ 28] [Active ] [Created ] [ ] [ 30] Apache Karaf :: JAAS :: Modules (2.2.5.fuse-7-037) [ 38] [Active ] [Created ] [ ] [ 30] Apache Karaf :: Jaas :: Command (2.2.5.fuse-7-037) [ 57] [Active ] [Created ] [ ] [ 30] Apache Karaf :: JAAS :: Jasypt Encryption (2.2.5.fuse-7-037)
And the following in Fuse MQ:
FuseMQ:karaf@root> la | grep -i jaas [ 13] [Active ] [Created ] [ ] [ 28] Apache Karaf :: JAAS :: Config (2.2.5.fuse-7-037) [ 26] [Active ] [Created ] [ ] [ 30] Apache Karaf :: JAAS :: Modules (2.2.5.fuse-7-037) [ 36] [Active ] [Created ] [ ] [ 30] Apache Karaf :: Jaas :: Command (2.2.5.fuse-7-037) [ 144] [Active ] [Created ] [ ] [ 60] Fuse Fabric :: JAAS (7.0.0.fuse-037)
Only one JaasRealm service is exported in Fuse ESB:
FuseESB:karaf@root> ls | grep -i JaasRealm org.apache.karaf.jaas.config.JaasRealm
(exported by bundle Apache Karaf :: JAAS :: Modules (28))
Whereas two are shown on Fuse MQ:
FuseMQ:karaf@root> ls | grep -i JaasRealm org.apache.karaf.jaas.config.JaasRealm org.apache.karaf.jaas.config.JaasRealm
(exported by bundles Apache Karaf :: JAAS :: Modules (26) & Fuse Fabric :: JAAS (144)).
In conclusion, the Fuse Fabric :: JAAS bundle seems to be interfering with the SSH authentication.