I think I'm sorted now.
I added:
mech_list: anonymous plain
to my qpidd.conf and that seems to work.
out of curiosity does sasl choose the mechanisms in order here? Without
specifying mech_list the broker trace indicated that it was supporting a
wide range of mechanisms including anonymous yet it chose MD5-DIGEST (I
think) when it was initially failing with my c++ client
Frase
Fraser Adams wrote:
> Gordon Sim wrote:
>> On 10/03/2011 06:42 PM, Fraser Adams wrote:
>>> Is it possible to set authentication to only authenticate consumers so
>>> producers can connect in without needing authentication?
>>
>> You can allow both anonymous- and known- users to connect, and then
>> use ACLs to only allow the known users to consume while allowing
>> everyone (including anonymous users) to publish.
>>
> Hi Gordon,
> How would I go about enabling anonymous authentication? I've
> successfully authenticated my basic Java client using the
> "guest/guest" username/password - I'm guessing that's not "anonymous"
> though as it clearly has a name :-).
>
> I've just run up a basic C++ client and that asks for a password. It
> appears to be sending the account name as the username (in other words
> in my case it's saying Authentication failed for
> fadams@QPID:SASL(-13): authentication failure: client response doesn't
> match what we generated).
>
> My client is pretty basic and has
> string broker = "localhost:5672";
> string connectionOptions = "{reconnect: true}";
>
> Now I think that I can add username/password to the connection options
> and I noticed a |sasl_mechanisms |connection option so I may be able
> to explicitly set that to anonymous
>
> But both of these would require code changes. That's fine in my case
> here where I can change the code, but in a real world scenario I've
> got a lot of producers (and I'm not convinced that the developers have
> necessarily made the connection options configurable) currently
> connecting to a broker with authentication disabled. I'd like to be
> able to "authenticate" without them having to change and to add ACL
> rules to only allow them to produce.
>
> I'd have thought that anonymous would have been something that I could
> enable on the broker config.
>
> Have I missed something?
>
> MTIA
> Frase
>
>
>
>
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
|