[rabbitmq-discuss] Creating an auth plugin (Kerberos)

• Previous message: [rabbitmq-discuss] lager vs sasl error log
• Next message: [rabbitmq-discuss] Creating an auth plugin (Kerberos)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To resurrect my work and this old thread, I'm now starting very near to
release. A few questions though.

I've tried to read the code but I guess I've failed, I'm trying to
understand the structure of the {refused} and {error} messages when
authentication fails. {refused} seems to have two "arguments" while
{error} only has one? What's the correct structure and thinking here?


When a user authenticate via my plugin via the management GUI we get
this error message in the log:
=ERROR REPORT==== 29-Apr-2013::09:28:54 ===
webmachine error: path="/api/whoami"
{error,function_clause,
       [{rabbit_auth_backend_internal,check_password,[<<"totally_secret_password">>,<<>>]},
        {rabbit_auth_backend_internal,internal_check_user_login,2},
        {rabbit_access_control,'-check_user_login/2-fun-0-',4},
        {lists,foldl,3},
        {rabbit_mgmt_util,is_authorized,4},
        {webmachine_resource,resource_call,3},
        {webmachine_resource,do,3},
        {webmachine_decision_core,resource_call,1}]}

If I understand the code correctly it's because the function
check_password can't compare the stored hash to the password that the
user has supplied when trying to login. Since the password is cleared
and thus there exists no hash it errors out.
Some mechanism for checking if a password (and/or hash) is empty and
then refusing the client might be needed?

Br,
- Simon

• Previous message: [rabbitmq-discuss] lager vs sasl error log
• Next message: [rabbitmq-discuss] Creating an auth plugin (Kerberos)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]