[rabbitmq-discuss] Creating an auth plugin (Kerberos)

Simon MacMullen simon at rabbitmq.com
Tue Nov 27 11:36:51 GMT 2012


On 27/11/12 10:07, Simon Lundström wrote:
> Is there a way to do this without using a seperate function?
> <https://github.com/simmel/rabbitmq-auth-backend-kerberos/commit/8911bd68d729142d0d2b5b1959fb2d53de42800e>

This is starting to look like erlang-questions territory :-)

But try this (untested, and condensed to fit on one line):

-define(APP, begin {ok,A}=application:get_application(?MODULE),A end).

> While developing the plugin I've noticed a weird issue. When using the
> API's /api/aliveness-test/%2F it makes a few authentication requests.
> In the third (or so) request password is undefined. In all other
> requests the password is a binary which is the password being used.
>
> Is this a bug? Are auth plugins supposed to handle this? Why is it
> undefined?

Auth plugins should be able to handle the case where a password is 
undefined - there are some legitimate cases around the direct client 
(for example local federation connections) where no password is supplied 
(we take direct connections on trust, since anything which can do Erlang 
message passing can control the broker anyway). In this case the auth 
plugin should just answer the question "does the user exist?"

In 2.x this also happened with the management plugin when it was using 
the direct client (after it had validated the username / password 
itself). But this was less than useful for auth plugins, so in 3.0 the 
management plugin always passes the password in. I assume you're using 2.x?

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware


More information about the rabbitmq-discuss mailing list