qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fraser Adams <fraser.ad...@blueyonder.co.uk>
Subject Re: Is it possible to set authentication to only authenticate consumers?
Date Fri, 07 Oct 2011 11:32:02 GMT
I think I'm sorted now.

I added:

mech_list: anonymous plain

to my qpidd.conf and that seems to work.

out of curiosity does sasl choose the mechanisms in order here? Without 
specifying mech_list the broker trace indicated that it was supporting a 
wide range of mechanisms including anonymous yet it chose MD5-DIGEST (I 
think) when it was initially failing with my c++ client

Frase



Fraser Adams wrote:
> Gordon Sim wrote:
>> On 10/03/2011 06:42 PM, Fraser Adams wrote:
>>> Is it possible to set authentication to only authenticate consumers so
>>> producers can connect in without needing authentication?
>>
>> You can allow both anonymous- and known- users to connect, and then 
>> use ACLs to only allow the known users to consume while allowing 
>> everyone (including anonymous users) to publish.
>>
> Hi Gordon,
> How would I go about enabling anonymous authentication? I've 
> successfully authenticated my basic Java client using the 
> "guest/guest" username/password - I'm guessing that's not "anonymous" 
> though as it clearly has a name :-).
>
> I've just run up a basic C++ client and that asks for a password. It 
> appears to be sending the account name as the username (in other words 
> in my case it's saying Authentication failed for 
> fadams@QPID:SASL(-13): authentication failure: client response doesn't 
> match what we generated).
>
> My client is pretty basic and has
>    string broker = "localhost:5672";
>    string connectionOptions = "{reconnect: true}";
>
> Now I think that I can add username/password to the connection options 
> and I noticed a |sasl_mechanisms |connection option so I may be able 
> to explicitly set that to anonymous
>
> But both of these would require code changes. That's fine in my case 
> here where I can change the code, but in a real world scenario I've 
> got a lot of producers (and I'm not convinced that the developers have 
> necessarily made the connection options configurable) currently 
> connecting to a broker with authentication disabled. I'd like to be 
> able to "authenticate" without them having to change and to add ACL 
> rules to only allow them to produce.
>
> I'd have thought that anonymous would have been something that I could 
> enable on the broker config.
>
> Have I missed something?
>
> MTIA
> Frase
>
>
>
>
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Mime
View raw message