[rabbitmq-discuss] Creating an auth plugin (Kerberos)

Simon Lundström simlu at su.se
Wed Dec 5 11:05:30 GMT 2012 

On Mon, 2012-12-03 at 11:21:55 +0000, Tim Watson wrote:
> If you want to avoid getting the exit signals, you can pass 'eof' in
> the options which (as per the open_port/2 docs) will change this
> behaviour such that:

Thanks, this is what I did. Code got much less messy = )

> If you want to avoid blocking (the reader! yes you do I would've
> thought) then you might consider using an 'insulator' process in
> which to open and interact with the port. This allows you to timeout
> and/or terminate the port without blocking the reader process - some
> port commands are blocking and if your C code (or external
> application or whatever) gets stuck then you could be in trouble.

Please elaborate on this. I've tried to find any information about using
an 'insulator' process. It's mentioned in the source code of eunit but that's
the only relevant hit I got. I understand what you mean by not blocking
the read process though but I thought using a port was async?
When I tested this, I could authenticate multiple users while
authentication was hanging?

I thought using
<https://github.com/simmel/rabbitmq-auth-backend-kerberos/blob/867ac9c937/src/rabbit_auth_backend_kerberos.erl#L85-L87>
would solve all my timeout problems? I'm going to lower timeout though,
it's way to high ATM = )

One thing that bothers me though is that if my auth backend refuses a user it
takes several seconds for the internal one to respond. Ideas about this and how
I can troubleshoot this?

=INFO REPORT==== 5-Dec-2012::10:36:54 ===
accepting AMQP connection <0.492.0> (130.237.95.133:59962 -> 77.238.35.76:5671)

=ERROR REPORT==== 5-Dec-2012::10:36:54 ===
exit_status: 1

=ERROR REPORT==== 5-Dec-2012::10:36:54 ===
eof: [false]

=ERROR REPORT==== 5-Dec-2012::10:36:54 ===
kinit: false!

=ERROR REPORT==== 5-Dec-2012::10:36:57 ===
closing AMQP connection <0.492.0> (130.237.95.133:59962 -> 77.238.35.76:5671):
{channel0_error,starting,
    {error,function_clause,'connection.start_ok',
        [{rabbit_auth_backend_internal,check_password,[<<"topsecret_but_wrong_password">>,<<>>]},
         {rabbit_auth_backend_internal,internal_check_user_login,2},
         {rabbit_access_control,'-check_user_login/2-fun-0-',4},
         {lists,foldl,3},
         {rabbit_reader,auth_phase,2},
         {rabbit_reader,handle_method0,3},
         {rabbit_reader,handle_input,3},
         {rabbit_reader,recvloop,2}]}}

AFAICT, it tries to find the hash in the internal DB but fails because there is no password for that user.

Thank you, both Simon and Tim, once again for your time,
- Simon

More information about the rabbitmq-discuss mailing list