[rabbitmq-discuss] Python Client for RabbitMQ/AMQP?
Jeff Rogers
dvrsn at diphi.com
Thu Aug 23 19:57:20 BST 2007
Matthias Radestock wrote:
> Alexis Richardson wrote:
>
>> We want to fix this. Do you have any other examples of mismatch
>> between OpenAMQ and RabbitMQ?
>
> I thought OpenAMQ implements 0-9.
>
> >> On the side of rabbitmq doing things wrong, the
> >> authentication is completely screwy - the server response says that
> >> it only supports PLAIN authentication but the server only implements
> >> AMQPLAIN.
> >> [...]
> >> particularly in the case of the authentication rabbitmq
> >> seems to be making specific allowances for qpid even tho it appears
> >> qpid is not following the spec exactly.
>
> We have hacked the PLAIN authentication to match Qpids. Our AMQPLAIN
> authentication is what the spec defines as PLAIN authentication.
>
> Is OpenAMQ doing PLAIN authentication in conformance with the spec?
>
> If so, the only way I can think of addressing the discrepancy at our end
> is to check what client is trying to connect to the RabbitMQ server and
> make PLAIN auth behave accordingly. Same in our client code. That's
> rather gross and brittle though.
I think part of the problem is that the 0.8 spec is confusing on this
point. It says:
"The contents of this data are defined by the SASL security
mechanism.For the PLAIN security mechanism this is defined as a field
table holding two fields,LOGIN and PASSWORD."
However, SASL also defines a mechanism called PLAIN in rfc4616 which is
message = [authzid] UTF8NUL authcid UTF8NUL passwd
This is what OpenAMQ implements as PLAIN and probably what qpid is doing
also (I have a vague recollection that qpid incorrectly leaves off the
initial null but that may be bad memory on my part).
So which PLAIN is PLAIN? Considering that the security is specified in
several places as using SASL mechanisms and that language about a
LOGIN/PASSWORD field table has been dropped in the 0.9 spec, I think the
SASL PLAIN mechanism is the right one to follow.
Confusion in the spec notwithstanding, my bigger gripe about how
rabbitmq is handling it is that the AMQPLAIN method is not advertised at
all in the connection.start call, so any use of it is going to be well,
gross and brittle as you say.
ejabberd appears to have implementations of SASL-PLAIN and
SASL-DIGEST-MD5 - I wonder if it would be worth adapting their code.
-J
More information about the rabbitmq-discuss
mailing list