[rabbitmq-discuss] Shovel authentication question (possible bug)

Simon MacMullen simon at rabbitmq.com
Fri May 31 17:15:07 BST 2013


On 31/05/13 16:29, john.hayden at nokia.com wrote:
> I am very new to rabbitmq and shovel but I may have found a bug:

<snip>

>          [ {sources, [{broker, "amqp://sensu:[email protected]/sensu"}]}

<snip>

> ** Reason for termination ==
> ** {{badmatch,{error,access_refused}},
>      [{rabbit_shovel_worker,make_conn_and_chan,1},
>       {rabbit_shovel_worker,handle_cast,2},
>       {gen_server2,handle_msg,2},
>       {proc_lib,init_p_do_apply,3}]}
>
>
> Notice this line:
> [{amqp_params_direct,<<"sensu">>,none,<<"sensu">>,
>                               'rabbit at ip-10-40-215-251',none,[]}],
>
> If I read this correctly, the password is not being passed and THUS
> authentication is being denied.

No, not really. The source URI "amqp://sensu:[email protected]/sensu" doesn't 
specify a host, therefore it connects with the direct client (i.e. via 
Erlang message passing rather than AMQP). In most contexts the direct 
client does not need a password (since if you can connect via Erlang 
message passing you must be trusted). So the password in that URL is 
ignored (and you can take it out) but this is not your problem - you 
have some other access control issue.

Check the logs for errors looking like:

=ERROR REPORT==== 31-May-2013::17:12:33 ===
closing AMQP connection <0.388.0> (127.0.0.1:40730 -> 127.0.0.1:5672):
{handshake_error,starting,0,
  {amqp_error,access_refused,
              "PLAIN login refused: user 'user' - invalid credentials",
              'connection.start_ok'}}

or similar.

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, Pivotal


More information about the rabbitmq-discuss mailing list