Return-Path: X-Original-To: apmail-qpid-users-archive@www.apache.org Delivered-To: apmail-qpid-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AA9D093C1 for ; Fri, 7 Oct 2011 16:50:53 +0000 (UTC) Received: (qmail 52710 invoked by uid 500); 7 Oct 2011 16:50:53 -0000 Delivered-To: apmail-qpid-users-archive@qpid.apache.org Received: (qmail 52680 invoked by uid 500); 7 Oct 2011 16:50:53 -0000 Mailing-List: contact users-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@qpid.apache.org Delivered-To: mailing list users@qpid.apache.org Received: (qmail 52672 invoked by uid 99); 7 Oct 2011 16:50:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Oct 2011 16:50:53 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of fraser.adams@blueyonder.co.uk designates 81.103.221.49 as permitted sender) Received: from [81.103.221.49] (HELO mtaout03-winn.ispmail.ntl.com) (81.103.221.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Oct 2011 16:50:43 +0000 Received: from know-smtpout-4.server.virginmedia.net ([62.254.123.1]) by mtaout03-winn.ispmail.ntl.com (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id <20111007165023.INUE8898.mtaout03-winn.ispmail.ntl.com@know-smtpout-4.server.virginmedia.net> for ; Fri, 7 Oct 2011 17:50:23 +0100 Received: from [82.33.36.91] (helo=[192.168.1.4]) by know-smtpout-4.server.virginmedia.net with esmtpa (Exim 4.63) (envelope-from ) id 1RCDcs-0005fS-TQ for users@qpid.apache.org; Fri, 07 Oct 2011 17:50:22 +0100 Message-ID: <4E8F2DD8.9080704@blueyonder.co.uk> Date: Fri, 07 Oct 2011 17:50:32 +0100 From: Fraser Adams User-Agent: Thunderbird 2.0.0.24 (X11/20101027) MIME-Version: 1.0 To: users@qpid.apache.org Subject: Re: Is it possible to set authentication to only authenticate consumers? References: <4E72452A.50709@blueyonder.co.uk> <4E7308E3.7080804@blueyonder.co.uk> <4E734780.30509@blueyonder.co.uk> <4E737ECC.2020509@redhat.com> <4E85EB31.5070602@blueyonder.co.uk> <4E89F3E9.9040601@blueyonder.co.uk> <4E8C1A2D.6080902@redhat.com> <4E8EDDF2.2010200@blueyonder.co.uk> <4E8EEB44.8030901@redhat.com> <4E8EF79F.8090609@blueyonder.co.uk> <4E8F2628.90907@redhat.com> In-Reply-To: <4E8F2628.90907@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Cloudmark-Analysis: v=1.1 cv=R50lirqlHffDPPkwUlkuVa99MrvKdVWo//yz83qex8g= c=1 sm=0 a=0ZzmyYADvgoA:10 a=Q0O5IUmHtJgA:10 a=3NElcqgl2aoA:10 a=8nJEP1OIZ-IA:10 a=ru4hCLkX7bwOM7pECvIA:9 a=wPNLvfGTeEIA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 X-Virus-Checked: Checked by ClamAV on apache.org > > That seems strange to me. For me, if DIGEST-MD5, PLAIN and ANONYMOUS > are all available, ANONYMOUS is picked by default unless a username is > set. Are you sure you aren't setting a username? Pretty certain. As I said earlier it's a pretty basic client that has string broker = "localhost:5672"; string connectionOptions = "{reconnect: true}"; When I looked at the broker trace it was talking about fadams@QPID, fadams is the name of the account that I'm using to run the client, but I've never explicitly used fadams anywhere as a qpid username so *something* is picking the account name. > > I wonder if your sasl lib behaves differently to mine... Possibly, I'm running Ubuntu - perhaps it's got some subtly different options. I guess it's no big deal now as I seem to have got things working generally. I still think anything to do with security is voodoo magic though, it's some sort of miracle that I've made it this far :-D So now I've got another slightly off the wall question :-) So I've got an acl set up whereby I can have anonymous@QPID to only have publish rights and named users to subscribe. What I'd quite like to be able to do is to log, but not deny if a queue is created that's not one of a named set. I'm suspecting that I can't do that with acl and I might have to write a QMF client to do that. Incidentally, is it possible to get the broker to re-read an acl. I've been restarting the broker, but that's not ideal in a live environment. Frase --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:users-subscribe@qpid.apache.org