[rabbitmq-discuss] Creating an auth plugin (Kerberos)

Simon Lundström simlu at su.se
Mon Apr 29 12:24:26 BST 2013


To resurrect my work and this old thread, I'm now starting very near to
release. A few questions though.

I've tried to read the code but I guess I've failed. I'm trying to
understand the structure of the {refused} and {error} messages when
authentication fails. {refused} seems to have two "arguments" while
{error} only has one? What's the correct structure and thinking here?


When a user authenticates via my plugin via the management GUI we get
this error message in the log:

=ERROR REPORT==== 29-Apr-2013::09:28:54 ===
webmachine error: path="/api/whoami"
{error,function_clause,
       [{rabbit_auth_backend_internal,check_password,[<<"totally_secret_password">>,<<>>]},
        {rabbit_auth_backend_internal,internal_check_user_login,2},
        {rabbit_access_control,'-check_user_login/2-fun-0-',4},
        {lists,foldl,3},
        {rabbit_mgmt_util,is_authorized,4},
        {webmachine_resource,resource_call,3},
        {webmachine_resource,do,3},
        {webmachine_decision_core,resource_call,1}]}

If I understand the code correctly it's because the function
check_password can't compare the stored hash to the password that the
user has supplied when trying to log in. Since the password is cleared
and thus there exists no hash it errors out.
Some mechanism for checking if a password (and/or hash) is empty and
then refusing the client might be needed?

Br,
- Simon
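
Added example, not part of the original post and not RabbitMQ source: a stand-alone Erlang module showing why a single-clause hash check raises function_clause on an empty stored hash, next to a guarded variant that refuses instead. The module and function names are hypothetical, the stored format (4-byte salt followed by an MD5 digest) is an assumption, and the {refused, Format, Args} / {error, Reason} shapes follow the two-argument and one-argument forms the post describes.

```erlang
%% Added illustration; not RabbitMQ source. All names are hypothetical.
%% Assumed stored format: 4-byte salt followed by a 16-byte MD5 digest.
-module(empty_hash_demo).
-export([check_unguarded/2, check_guarded/3, demo/0]).

%% Only one clause: the stored value must carry at least 4 bytes of salt.
%% A cleared password (<<>>) matches no clause and raises function_clause.
check_unguarded(Cleartext, <<Salt:4/binary, Hash/binary>>) ->
    Hash =:= salted_md5(Salt, Cleartext).

%% Guarded variant: an empty stored hash is a refusal, not a crash.
%% Note: =:= is not a constant-time comparison; kept simple here.
check_guarded(Username, Cleartext, <<Salt:4/binary, Hash:16/binary>>) ->
    case Hash =:= salted_md5(Salt, Cleartext) of
        true  -> ok;
        false -> {refused, "user '~s' - invalid credentials", [Username]}
    end;
check_guarded(Username, _Cleartext, <<>>) ->
    %% No hash stored (e.g. password cleared because an external
    %% backend owns authentication): never accept any password here.
    {refused, "user '~s' - no password hash stored", [Username]};
check_guarded(_Username, _Cleartext, _Other) ->
    %% Anything else is corrupt data rather than a bad credential.
    {error, malformed_password_hash}.

salted_md5(Salt, Cleartext) ->
    crypto:hash(md5, <<Salt/binary, Cleartext/binary>>).

%% Exercises both variants with constructed sample data; returns ok.
demo() ->
    Salt   = <<1,2,3,4>>,                              % constructed salt
    Stored = <<Salt/binary, (salted_md5(Salt, <<"s3cret">>))/binary>>,
    true   = check_unguarded(<<"s3cret">>, Stored),
    ok     = check_guarded(<<"alice">>, <<"s3cret">>, Stored),
    {refused, _, _} = check_guarded(<<"alice">>, <<"wrong">>, Stored),
    {refused, _, _} = check_guarded(<<"alice">>, <<"s3cret">>, <<>>),
    {error, _}      = check_guarded(<<"alice">>, <<"s3cret">>, <<1,2>>),
    %% The unguarded check fails the same way as the log entry above.
    {'EXIT', {function_clause, _}} =
        (catch check_unguarded(<<"s3cret">>, <<>>)),
    ok.
```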

