[rabbitmq-discuss] Python Client for RabbitMQ/AMQP?

• Previous message: [rabbitmq-discuss] Python Client for RabbitMQ/AMQP?
• Next message: [rabbitmq-discuss] Python Client for RabbitMQ/AMQP?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthias Radestock wrote:
> Alexis Richardson wrote:
> 
>> We want to fix this.  Do you have any other examples of mismatch
>> between OpenAMQ and RabbitMQ?
> 
> I thought OpenAMQ implements 0-9.
>
>  >> On the side of rabbitmq doing things wrong, the
>  >> authentication is completely screwy - the server response says that
>  >> it only supports PLAIN authentication but the server only implements
>  >> AMQPLAIN.
>  >> [...]
>  >> particularly in the case of the authentication rabbitmq
>  >> seems to be making specific allowances for qpid even tho it appears
>  >> qpid is not following the spec exactly.
> 
> We have hacked the PLAIN authentication to match Qpids. Our AMQPLAIN 
> authentication is what the spec defines as PLAIN authentication.
> 
> Is OpenAMQ doing PLAIN authentication in conformance with the spec?
> 
> If so, the only way I can think of addressing the discrepancy at our end 
> is to check what client is trying to connect to the RabbitMQ server and 
> make PLAIN auth behave accordingly. Same in our client code. That's 
> rather gross and brittle though.

I think part of the problem is that the 0.8 spec is confusing on this 
point.  It says:
"The contents of this data are defined by the SASL security 
mechanism.For the PLAIN security mechanism this is defined as a field 
table holding two fields,LOGIN and PASSWORD."

However, SASL also defines a mechanism called PLAIN in rfc4616 which is
    message   = [authzid] UTF8NUL authcid UTF8NUL passwd
This is what OpenAMQ implements as PLAIN and probably what qpid is doing 
also (I have a vague recollection that qpid incorrectly leaves off the 
initial null but that may be bad memory on my part).

So which PLAIN is PLAIN?  Considering that the security is specified in 
several places as using SASL mechanisms and that language about a 
LOGIN/PASSWORD field table has been dropped in the 0.9 spec, I think the 
SASL PLAIN mechanism is the right one to follow.

Confusion in the spec notwithstanding, my bigger gripe about how 
rabbitmq is handling it is that the AMQPLAIN method is not advertised at 
all in the connection.start call, so any use of it is going to be well, 
gross and brittle as you say.

ejabberd appears to have implementations of SASL-PLAIN and 
SASL-DIGEST-MD5 - I wonder if it would be worth adapting their code.

-J

• Previous message: [rabbitmq-discuss] Python Client for RabbitMQ/AMQP?
• Next message: [rabbitmq-discuss] Python Client for RabbitMQ/AMQP?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]