[rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

• Previous message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Next message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I guess I am not able to clarify my question. 

Ok let me pose this like , is there any other mode of authentication other 
than TLS ?

When we create topics , is there any feature of role / user based access 
of those topics?

Thanks and Regards,
Ankur Chakraborty




From:   Michael Klishin <mklishin at gopivotal.com>
To:     Ankur5 C <ankur5.c at tcs.com>
Cc:     Legacy list about RabbitMQ <rabbitmq-discuss at lists.rabbitmq.com>
Date:   22-07-2014 17:22
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" 
access_refused even after mentioning loopback_users



On 22 July 2014 at 15:41:40, Ankur5 C (ankur5.c at tcs.com) wrote:
> > So if I do not use SSL , in that case how does the authentication 
> occur?

If you configure RabbitMQ to verify peer, the client will be 
authenticated.
Paho can be configured to perform TLS verification, too.

http://www.rabbitmq.com/ssl.html

Different clients expose different APIs for enabling/disabling peer 
verification.
There are 3 examples that demonstrate how MQTT clients can be set up to 
use TLS
with peer verification, including 2 Paho clients (Java and Python):

https://github.com/michaelklishin/mqtt-tls-playground

> Anyone who is aware of the uri can post data to a topic with 
> a client id ?

You do not post data to URIs in MQTT. You open a long-running connection
using a URI and client-id, then publish messages using a separate protocol
frame (which clients expose as a separate API function/method).

In Paho, the method is MqttClient#publish:
http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttClient.html#publish(java.lang.String
, byte[], int, boolean)

Sorry to point this out but this is really basic  ,
a software engineer should be able to figure this out on her own quite 
quickly.

> What is the significance of the user and pass (mentioned as default 
> user and pass) mentioned in the rabbit config file?

We are going in circles on this. This is documented quite clearly:
http://www.rabbitmq.com/mqtt.html

> I am using the default one and using the tag loopback_users, [] 
> for connecting from remote host. All is working fine.

That can work but now it is possible to connect to your RabbitMQ node
using well-known credentials of an administrative user. Doesn't sound 
incredibly
secure to me.
-- 
MK 

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140722/5e8f5f56/attachment.html>

• Previous message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Next message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]