[rabbitmq-discuss] Configuring Users

Bell, Paul M. pbell at syncsort.com
Mon Mar 12 14:59:12 GMT 2012


Jerry (and Emile),

Thank you.

I am looking now at the Overview tab, but see no controls for "Upload/Download broker definitions."

The last line on the page (aside from a "Last update" timestamp on the right side) says "HTTP API|Command Line |".

Am I using wrong version of the plug-in?

-Paul

-----Original Message-----
From: Jerry Kuch [mailto:jerryk at vmware.com] 
Sent: Monday, March 12, 2012 10:55 AM
To: Bell, Paul M.
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Configuring Users

Hi, Paul:

Emile on the Rabbit team has kindly reminded me of another feature
that might help you (and one whose existence I chronically forget
about)...

The management plugin config has an upload feature that lets you
preserve all broker configuration details, including user accounts 
and (hashed) passwords.

If you look at the very bottom of the page associated with the
'Overview' tab in the management plugin you'll find UI controls
for Upload/Download broker definitions...

Best regards,
Jerry


----- Original Message -----
From: "Paul M. Bell" <pbell at syncsort.com>
To: "Jerry Kuch" <jerryk at vmware.com>
Cc: rabbitmq-discuss at lists.rabbitmq.com
Sent: Friday, March 9, 2012 1:41:59 PM
Subject: RE: [rabbitmq-discuss] Configuring Users

Thank you, Sir.

Most helpful.

Cordially,

Paul

-----Original Message-----
From: Jerry Kuch [mailto:jerryk at vmware.com]
Sent: Friday, March 09, 2012 4:40 PM
To: Bell, Paul M.
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Configuring Users

Hi, Paul... answers inline:

> But let me make sure I understand: user names and passwords are NOT in
> rabbitmq.config; for Windows, rabbitmq.config will be in %APPDATA%\RabbitMQ\.

By default, that shoudl be the case, yes.

> I see no rabbitmq.config in %APPDATA%\RabbitMQ\. I can only conclude from this that > its presence is not required if all default configuration values are in effect (my case, I > think).

Rabbit can live without a file there.  If you enable RABBITMQ_CONSOLE_LOG as per this page:

http://www.rabbitmq.com/configure.html

you can look at the RabbitMQ startup blurb.  It will print a line prefaced with "config file(s):" that will tell you what, if any config files it used when starting up.  See the "Verify Configuration" of the above page for details.

> Here's what's behind my question: I am thinking about the use of site-specific
> passwords, i.e., I don't want to ship a product to multiple customers and have these
> multiple instances of Rabbit share a common password for a fixed username.

Sounds very reasonable.

> Let's suppose that I have a means of generating, encrypting, and saving to disk a
> site-specific password for this fixed Rabbit user (maybe the username, common to all > installations, is "syncsortRabbit" - whatever). Rabbit login code would then have
> to read
> the password from disk, decrypt it, and then convey it via
> connectionFactory.setPassword().

And also of course get an appropriate user created in the broker with known name and matching password, but yes indeed.

> From another perspective, I cannot distribute a product whose Rabbit component has a > pre-configured user all of whose passwords are identical. That is, each copy can have > user "syncsortRabbit" and each can have an initial fixed password, but I would need a > way to change that password to make it site-specific.
>
> Perhaps, after generating a site-specific password, I could accomplish this via
> rabbitmqctl add_user.....?

You absolutely could do that.   Details depend on how you're distributing Rabbit and how you're doing the per-user customization.  You could imagine giving your customers a run-once, initial provisioning scripts that creates users/passwords that your system needs for example.

Best regards,
Jerry



ATTENTION: -----

The information contained in this message (including any files transmitted with this message) may contain proprietary, trade secret or other  confidential and/or legally privileged information. Any pricing information contained in this message or in any files transmitted with this message is always confidential and cannot be shared with any third parties without prior written approval from Syncsort. This message is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any use, disclosure, copying or distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and/or Syncsort and destroy all copies of this message in your possession, custody or control.


More information about the rabbitmq-discuss mailing list