qpid-users mailing list archives

From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Dispatch: Default value of authenticatePeer
Date Fri, 12 Aug 2016 14:45:21 GMT
On Fri, 2016-08-05 at 20:07 +0100, Gordon Sim wrote:
> On 05/08/16 19:39, Andrew Stitcher wrote:
> > 
> > Also bear in mind that if require-auth is true then ANONYMOUS SASL will
> > also not be allowed even if it is the negotiated mechanism. The proton
> > code will go through the SASL negotiation and then notice that there is
> > no authentication and close the connection.
> 
> That seems less than ideal to me. If it isn't acceptable, ANONYMOUS 
> shouldn't be offered. That's the point of the negotiation.

If the user is that particular then they should make sure that
ANONYMOUS is not an offered mechanism.

As I said up-thread, authentication and encryption are not centralised
in the AMQP protocol and the only point you can be sure whether your
connection requirements have been met is just after you receive the
AMQP header. At that point you are guaranteed that any authentication
and encryption negotiation must have taken place.

Andrew
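
Added example, not part of the message above and not Proton's own code: a simplified model of the point made in the thread, that the requirement check can only run once the AMQP protocol header arrives, so an ANONYMOUS SASL exchange completes and the connection is then closed when require-auth is set. The function names, the `require_encryption` flag and the trace format are assumptions for illustration; the model only sees TLS negotiated through the in-band AMQP TLS header.

```python
# Added illustration: a simplified model, not Proton's implementation.
import struct

PROTO_AMQP, PROTO_TLS, PROTO_SASL = 0, 2, 3  # protocol-id byte of the AMQP 1.0 header


def parse_header(hdr: bytes) -> int:
    """Return the protocol-id of an 8-byte AMQP 1.0 protocol header."""
    if len(hdr) != 8:
        raise ValueError("protocol header must be 8 bytes")
    magic, proto, major, minor, rev = struct.unpack("!4sBBBB", hdr)
    if magic != b"AMQP" or (major, minor, rev) != (1, 0, 0):
        raise ValueError("not an AMQP 1.0 protocol header")
    return proto


def decide_at_amqp_header(trace, require_auth=False, require_encryption=False):
    """Walk a trace of 8-byte headers and constructed
    ("sasl-outcome", mechanism, succeeded) tuples; return "open" or "close: ...".
    """
    encrypted = authenticated = False
    for item in trace:
        if isinstance(item, tuple):
            _, mech, ok = item
            if not ok:
                return "close: SASL negotiation failed"
            # ANONYMOUS completes the negotiation but establishes no identity.
            authenticated = mech != "ANONYMOUS"
            continue
        proto = parse_header(item)
        if proto == PROTO_TLS:
            encrypted = True  # assumes the TLS handshake that follows succeeded
        elif proto == PROTO_AMQP:
            # Only here is it certain that no further security layer follows.
            if require_auth and not authenticated:
                return "close: authentication required"
            if require_encryption and not encrypted:
                return "close: encryption required"
            return "open"
    return "close: no AMQP header received"


def hdr(proto):  # builds constructed sample headers
    return b"AMQP" + bytes([proto, 1, 0, 0])

# Constructed sample traces (not captured traffic).
ANON_TRACE = [hdr(PROTO_SASL), ("sasl-outcome", "ANONYMOUS", True), hdr(PROTO_AMQP)]
PLAIN_TRACE = [hdr(PROTO_TLS), hdr(PROTO_SASL), ("sasl-outcome", "PLAIN", True), hdr(PROTO_AMQP)]
```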
