qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fraser Adams <fraser.ad...@blueyonder.co.uk>
Subject Re: Is it possible to set authentication to only authenticate consumers?
Date Fri, 07 Oct 2011 16:50:32 GMT

>
> That seems strange to me. For me, if DIGEST-MD5, PLAIN and ANONYMOUS 
> are all available, ANONYMOUS is picked by default unless a username is 
> set. Are you sure you aren't setting a username?
Pretty certain. As I said earlier it's a pretty basic client that has
    string broker = "localhost:5672";
    string connectionOptions = "{reconnect: true}";

When I looked at the broker trace it was talking about fadams@QPID, 
fadams is the name of the account that I'm using to run the client, but 
I've never explicitly used fadams anywhere as a qpid username so 
*something* is picking the account name.

>
> I wonder if your sasl lib behaves differently to mine...
Possibly, I'm running Ubuntu - perhaps it's got some subtly different 
options. I guess it's no big deal now as I seem to have got things 
working generally.

I still think anything to do with security is voodoo magic though, it's 
some sort of miracle that I've made it this far :-D


So now I've got another slightly off the wall question :-) So I've got 
an acl set up whereby I can have anonymous@QPID to only have publish 
rights and named users to subscribe.

What I'd quite like to be able to do is to log, but not deny if a queue 
is created that's not one of a named set. I'm suspecting that I can't do 
that with acl and I might have to write a QMF client to do that.

Incidentally, is it possible to get the broker to re-read an acl. I've 
been restarting the broker, but that's not ideal in a live environment.

Frase









---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Mime
View raw message