[rabbitmq-discuss] Creating an auth plugin (Kerberos)

Simon Lundström simlu at su.se
Wed Dec 5 13:12:21 GMT 2012

On Wed, 2012-12-05 at 12:01:31 +0000, Tim Watson wrote:
> In your code, you do a couple of things that alleviate the need for an insulator. First of all, instead of communicating using stdio, you send your port commands asynchronously using `Port ! Command` which is not blocking. Secondly, in your loop (that gets data back from the port) you use `after 5000 -> [{error,timedout}|Acc]` to terminate the loop, so this won't block indefinitely either. As long as you're happy that authentication always has to work within 5 seconds then this approach is ok and you don't need to do anything else.


> If you want to allow longer authentication times and still terminate gracefully when, for example, the broker is being shut down, then you've got to do more work.

I'll keep this in mind and deal with it if any problems/issues arise.

> One thing I would suggest is that if you do hit `after 5000` and time out whilst waiting for the external program to complete, it *might* be a good idea to close the port so as not to leak resources. Check the open_port documentation for details.

Ah, I didn't read the eof documentation good enough it seems.

"The port will not be closed at the end of the file and produce an exit signal."

Thank you, good catch!

Another thing I spotted on the option exit_status was:
"If the eof option has been given as well, the eof message and the
exit_status message appear in an unspecified order."

Suggestions? "It works for me" at the moment ; P

How can I keep a "global" (within the same authentication process)
state? I belive I have read that records can be used for this? (Or is
this another question for erlang-discuss? ; )

What would you recommend?

Thank you so much again both of you,
- Simon

More information about the rabbitmq-discuss mailing list