I think I'm sorted now.

I added:

mech_list: anonymous plain

to my qpidd.conf and that seems to work.

Out of curiosity, does SASL choose the mechanisms in order here? Without specifying mech_list, the broker trace indicated that it was supporting a wide range of mechanisms including anonymous, yet it chose MD5-DIGEST (I think) when it was initially failing with my C++ client.

Frase



Fraser Adams wrote:
Gordon Sim wrote:
On 10/03/2011 06:42 PM, Fraser Adams wrote:
Is it possible to set authentication to only authenticate consumers so
producers can connect in without needing authentication?

You can allow both anonymous- and known- users to connect, and then use ACLs to only allow the known users to consume while allowing everyone (including anonymous users) to publish.

Hi Gordon,
How would I go about enabling anonymous authentication? I've successfully authenticated my basic Java client using the "guest/guest" username/password - I'm guessing that's not "anonymous" though as it clearly has a name :-).

I've just run up a basic C++ client and that asks for a password. It appears to be sending the account name as the username (in other words in my case it's saying Authentication failed for fadams@QPID:SASL(-13): authentication failure: client response doesn't match what we generated).

My client is pretty basic and has
   string broker = "localhost:5672";
   string connectionOptions = "{reconnect: true}";

Now I think that I can add username/password to the connection options and I noticed a sasl_mechanisms connection option so I may be able to explicitly set that to anonymous.

But both of these would require code changes. That's fine in my case here where I can change the code, but in a real world scenario I've got a lot of producers (and I'm not convinced that the developers have necessarily made the connection options configurable) currently connecting to a broker with authentication disabled. I'd like to be able to "authenticate" without them having to change and to add ACL rules to only allow them to produce.

I'd have thought that anonymous would have been something that I could enable on the broker config.

Have I missed something?

MTIA
Frase
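
The approach suggested in the thread (accept both anonymous and known users, then use ACLs so that only known users can consume) could be expressed as a broker ACL file like the one below. This is an added example, not part of the thread or the Qpid project's own configuration; the user and group names are hypothetical, and it assumes that clients connecting with the ANONYMOUS mechanism are identified as anonymous@QPID, which should be confirmed in the broker log.

```text
# Constructed example of a qpidd ACL file (loaded via the broker's acl-file option).
# Assumption: ANONYMOUS clients are identified as anonymous@QPID.
# consumer1@QPID and consumer2@QPID are hypothetical authenticated users.

group consumers consumer1@QPID consumer2@QPID

# Known users may do everything, including consuming.
acl allow consumers all

# Anonymous users may look up an exchange and publish to it, nothing else.
acl allow anonymous@QPID access exchange
acl allow anonymous@QPID publish exchange

# Anything not matched above (including anonymous consume) is refused and logged.
acl deny-log all all
```

Rules are evaluated in file order, so the final deny-log line acts as the default for every request the earlier lines do not allow.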






---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]



