qpid-users mailing list archives

From Jakub Scholz <ja...@scholz.cz>
Subject Dispatch: Default value of authenticatePeer
Date Wed, 03 Aug 2016 16:37:20 GMT
Hi,

When I have a listener configured like this:

listener {
    role: normal
    host: 0.0.0.0
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
    linkCapacity: 1000
}

Is it really expected that it allows anonymous access? It seems that unless
I also add "authenticatePeer: yes" to the listener configuration, it will
always allow anonymous access to clients which don't trigger the SASL
layer.

This seems to me quite counter-intuitive and dangerous, because at
first look someone (like me for example :-o) might expect that
this configuration allows only username/password authenticated access.

Wouldn't it make more sense to have anonymous access disabled by default?
At least when the SASL layer is configured for a given listener? Or is it
just me who finds this confusing?

Regards
Jakub
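
A configuration check for the situation described in the message above, added here as an example; it is not part of the original post or of the Qpid Dispatch project. It assumes the `name { key: value }` layout shown in the message and that a listener without `authenticatePeer: yes` accepts unauthenticated peers, as the message reports; `parse_entities`, `audit_listeners` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the configuration style shown in the message.
SAMPLE_CONF = """
listener {
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
}
listener {
    port: 5671
    saslMechanisms: PLAIN
    authenticatePeer: yes
}
listener {
    port: 5673
    saslMechanisms: ANONYMOUS PLAIN
    authenticatePeer: yes
}
"""

BLOCK_RE = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)
TRUE_VALUES = {"yes", "true"}  # assumption: accepted truthy spellings


def parse_entities(text):
    """Return (entity_type, attrs) for every 'name { key: value }' block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    entities = []
    for kind, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip()] = value.strip()
        entities.append((kind, attrs))
    return entities


def audit_listeners(text):
    """Flag listeners that do not force peers to authenticate."""
    findings = []
    for attrs in (a for k, a in parse_entities(text) if k == "listener"):
        port = attrs.get("port", "?")
        enforced = attrs.get("authenticatePeer", "no").lower() in TRUE_VALUES
        if not enforced:  # SASL mechanisms alone do not require a login
            findings.append((port, "authenticatePeer not set to yes"))
        elif "ANONYMOUS" in attrs.get("saslMechanisms", "").split():
            findings.append((port, "ANONYMOUS mechanism offered"))
    return findings
```

Running `audit_listeners` over a router configuration before deployment reports the first listener, which matches the one in the message, and the third, where authentication is enforced but the ANONYMOUS mechanism is still offered.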
