[rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

Michael Klishin mklishin at gopivotal.com
Tue Jul 22 13:05:13 BST 2014

On 22 July 2014 at 16:00:08, Ankur5 C (ankur5.c at tcs.com) wrote:
> > Ok let me pose this like , is there any other mode of authentication  
> other than TLS ?

With MQTT you can authenticate using username & password or bypass authentication
and use TLS peer verification. Authentication mechanisms in MQTT (the protocol, not the plugin)
are not pluggable.

RabbitMQ will support TLS certificate authentication [1] for MQTT, too, but currently does not.

> When we create topics , is there any feature of role / user based  
> access of those topics?

RabbitMQ itself has fairly flexible authorization:

but MQTT (the protocol) does not have the concept of topic authorization as of 3.1.1.
So while you can restrict e.g. publishing for MQTT clients (internally, the amq.topic exchange
is used by the MQTT plugin), there is no good way to indicate authorization failures
to MQTT clients.

This is a subject of ongoing debate in the MQTT community, unfortunately, I'm not aware of
any suggested improvements for the future spec revisions. 

1. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl

Staff Software Engineer, Pivotal/RabbitMQ

More information about the rabbitmq-discuss mailing list