[rabbitmq-discuss] Choosing SASL authentication mechanism

• Previous message: [rabbitmq-discuss] backport-util-concurrent upgrade from 3.0 to 3.1?
• Next message: [rabbitmq-discuss] Choosing SASL authentication mechanism
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

When experimenting with the rabbitmq-auth-mechanism-ssl plugin, we  
have seen a strange inconsistency in which SASL mechanism is chosen  
for client authentication on different broker installations.

We have two instances of the 2.3.1 broker installed on different boxes  
by different people. Both brokers are configured to use PLAIN,  
AMQPLAIN and EXTERNAL mechanisms.

We are connecting to both brokers using the same Java client (version  
2.3.1). The Java client uses the default SASL configuration.

When trying to connect, one broker uses the EXTERNAL mechanism as  
expected. But the other broker uses PLAIN authentication (which fails  
on invalid user/password).

When we override the default SaslConfig on the client side with a  
config that only has EXTERNAL in the mechanisms list, then both  
brokers use EXTERNAL and things work fine.

So my questions are:
- How does the broker choose the SASL mechanism to be used?
- What installation or configuration mistakes could affect this decision?

Cheers
Jiri

• Previous message: [rabbitmq-discuss] backport-util-concurrent upgrade from 3.0 to 3.1?
• Next message: [rabbitmq-discuss] Choosing SASL authentication mechanism
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]