[rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

• Previous message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Next message: [rabbitmq-discuss] Topic authorization and authentication
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22 July 2014 at 16:00:08, Ankur5 C (ankur5.c at tcs.com) wrote:
> > Ok let me pose this like , is there any other mode of authentication  
> other than TLS ?

With MQTT you can authenticate using username & password or bypass authentication
and use TLS peer verification. Authentication mechanisms in MQTT (the protocol, not the plugin)
are not pluggable.

RabbitMQ will support TLS certificate authentication [1] for MQTT, too, but currently does not.

> When we create topics , is there any feature of role / user based  
> access of those topics?

RabbitMQ itself has fairly flexible authorization:
http://www.rabbitmq.com/access-control.html

but MQTT (the protocol) does not have the concept of topic authorization as of 3.1.1.
So while you can restrict e.g. publishing for MQTT clients (internally, the amq.topic exchange
is used by the MQTT plugin), there is no good way to indicate authorization failures
to MQTT clients.

This is a subject of ongoing debate in the MQTT community, unfortunately, I'm not aware of
any suggested improvements for the future spec revisions. 

1. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

• Previous message: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
• Next message: [rabbitmq-discuss] Topic authorization and authentication
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]