[rabbitmq-discuss] [RUBY AMPQ] SSL LOGIN ERROR EXTERNAL login refused

Loganathan Sellapa loganathan.ms at gmail.com
Tue Apr 29 09:58:21 BST 2014


Hi Simon,

Yes, I want to use EXTERNAL authentication by giving SSL certificates
instead of username & password. Can you let me  know the way to set user
name while generating the SSL certificates, since I didnt find any steps
for this inhttps://www.rabbitmq.com/ssl.html

regards,
Loganathan
Mob: +91 7760780741 | +91 9944414388
Skype: loganathan.sellappa
ViewMe <http://vizualize.me/loganathan>



On Tue, Apr 29, 2014 at 2:13 PM, Simon MacMullen <simon at rabbitmq.com> wrote:

> On 29/04/2014 09:05, Loganathan Sellapa wrote:
>
>> After restarting the rabbitmq server I tried to connect to RabbitMq via
>> AMQP Gem with the below code, but I am getting authentication failure
>> error.
>>
>> *_RUBY CODE:_*
>> *
>>
>> *
>> RMQ_CONFIGURATIONS = {:host=>"127.0.0.1", :port=>5671, :vhost=>"/",
>> :auth_mechanism=>"EXTERNAL",
>> :ssl=>{:cert_chain_file=>"/opt/ssl/client/cert.pem",
>> :private_key_file=>"/opt/ssl/client/key.pem"}}
>>
>
> Do you actually want to use EXTERNAL authentication? That's the
> authentication mode where you do not specify a username and password, but
> the authentication is done via SSL client certs and the username comes from
> the client cert DN / CN.
>
>  =ERROR REPORT==== 29-Apr-2014::13:26:22 ===
>> closing AMQP connection <0.862.0> (127.0.0.1:40657
>> <http://127.0.0.1:40657> -> 127.0.0.1:5671 <http://127.0.0.1:5671>):
>> {handshake_error,starting,0,
>>                   {amqp_error,access_refused,
>> *         "EXTERNAL login refused: user 'ubuntu' - invalid credentials",*
>>                               'connection.start_ok'}}
>>
>
> Note that the user is 'ubuntu' here, not 'guest'. I guess that's the CN of
> your client cert. RabbitMQ is complianing because although the SSL-based
> auth succeeded, it then couldn't find the user in the internal database (to
> find out what permissions it has).
>
> So if you *do* want to use EXTERNAL, you need to make sure that the user
> 'ubuntu' exists in the user database. The user can be set to have no
> password. You can also remove the
>
> If you do *not* want to use EXTERNAL and instead wanted to log in as
> 'guest' secured by SSL, remove 'auth_mechanisms' and 'ssl_cert_login_from'
> from the config.
>
> Cheers, Simon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140429/7a8b8597/attachment.html>


More information about the rabbitmq-discuss mailing list