[rabbitmq-discuss] Choosing SASL authentication mechanism

Jiri Krutil jiri at krutil.com
Mon Feb 28 16:25:00 GMT 2011


When experimenting with the rabbitmq-auth-mechanism-ssl plugin, we  
have seen a strange inconsistency in which SASL mechanism is chosen  
for client authentication on different broker installations.

We have two instances of the 2.3.1 broker installed on different boxes  
by different people. Both brokers are configured to use PLAIN,  
AMQPLAIN and EXTERNAL mechanisms.

We are connecting to both brokers using the same Java client (version  
2.3.1). The Java client uses the default SASL configuration.

When trying to connect, one broker uses the EXTERNAL mechanism as  
expected. But the other broker uses PLAIN authentication (which fails  
on invalid user/password).

When we override the default SaslConfig on the client side with a  
config that only has EXTERNAL in the mechanisms list, then both  
brokers use EXTERNAL and things work fine.

So my questions are:
- How does the broker choose the SASL mechanism to be used?
- What installation or configuration mistakes could affect this decision?


More information about the rabbitmq-discuss mailing list