qpid-users mailing list archives

From Jakub Scholz <ja...@scholz.cz>
Subject Dispatch: Default value of authenticatePeer
Date Wed, 03 Aug 2016 16:37:20 GMT

When I have a listener configured like this:

listener {
    role: normal
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
    linkCapacity: 1000
}

Is it really expected that it allows anonymous access? It seems that unless
I also add "authenticatePeer: yes" to the listener configuration, it will
always allow anonymous access to clients which don't trigger the SASL

This seems to me quite counter-intuitive and dangerous, because at first
glance someone (like me for example :-o) might expect that this
configuration allows only username/password authenticated access.

Wouldn't it make more sense to have anonymous access disabled by default?
At least when the SASL layer is configured for a given listener? Or is it
just me who finds this confusing?
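
Added example, not part of the original message and not Qpid Dispatch code: a small configuration check for the situation described above, flagging every listener block that does not set "authenticatePeer: yes" and marking the ones that list SASL mechanisms without ANONYMOUS. The function names, the second listener in the sample and the handling of "#" comments are assumptions made for illustration; the parser covers only the simple "entity { key: value }" form shown in the message.

```python
import re

# Constructed sample: the first listener mirrors the one in the message,
# the second adds authenticatePeer: yes.
SAMPLE_CONF = """
listener {
    role: normal
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
    linkCapacity: 1000
}
listener {
    role: normal
    port: 5673
    saslMechanisms: PLAIN
    authenticatePeer: yes
}
"""

BLOCK_RE = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)
# Assumption: only these spellings count as "required"; anything else is flagged.
TRUE_VALUES = {"yes", "true"}


def parse_entities(text):
    """Return (entity_type, {attribute: value}) for each 'name { ... }' block."""
    entities = []
    for kind, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if ":" in line:
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        entities.append((kind, attrs))
    return entities


def find_open_listeners(text):
    """List listeners that do not require peer authentication."""
    findings = []
    for kind, attrs in parse_entities(text):
        # A missing attribute is treated as "no", the behaviour the message reports.
        required = attrs.get("authenticatePeer", "no").lower() in TRUE_VALUES
        if kind != "listener" or required:
            continue
        mechs = attrs.get("saslMechanisms", "").split()
        # Mechanisms listed without ANONYMOUS suggest authentication was expected.
        findings.append({"port": attrs.get("port"), "saslMechanisms": mechs,
                         "misleading": bool(mechs) and "ANONYMOUS" not in mechs})
    return findings
```

Calling find_open_listeners(SAMPLE_CONF) reports only the "amqp" listener, with "misleading" set because it names PLAIN, DIGEST-MD5 and CRAM-MD5 yet never requires the peer to authenticate.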

