qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fraser Adams <fraser.ad...@blueyonder.co.uk>
Subject Re: Is it possible to set authentication to only authenticate consumers?
Date Fri, 07 Oct 2011 11:09:38 GMT
Gordon Sim wrote:
> On 10/03/2011 06:42 PM, Fraser Adams wrote:
>> Is it possible to set authentication to only authenticate consumers so
>> producers can connect in without needing authentication?
> You can allow both anonymous- and known- users to connect, and then 
> use ACLs to only allow the known users to consume while allowing 
> everyone (including anonymous users) to publish.
Hi Gordon,
How would I go about enabling anonymous authentication? I've 
successfully authenticated my basic Java client using the "guest/guest" 
username/password - I'm guessing that's not "anonymous" though as it 
clearly has a name :-).

I've just run up a basic C++ client and that asks for a password. It 
appears to be sending the account name as the username (in other words 
in my case it's saying Authentication failed for fadams@QPID:SASL(-13): 
authentication failure: client response doesn't match what we generated).

My client is pretty basic and has
    string broker = "localhost:5672";
    string connectionOptions = "{reconnect: true}";

Now I think that I can add username/password to the connection options 
and I noticed a |sasl_mechanisms |connection option so I may be able to 
explicitly set that to anonymous

But both of these would require code changes. That's fine in my case 
here where I can change the code, but in a real world scenario I've got 
a lot of producers (and I'm not convinced that the developers have 
necessarily made the connection options configurable) currently 
connecting to a broker with authentication disabled. I'd like to be able 
to "authenticate" without them having to change and to add ACL rules to 
only allow them to produce.

I'd have thought that anonymous would have been something that I could 
enable on the broker config.

Have I missed something?


Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

View raw message