[rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users
Michael Klishin
mklishin at gopivotal.com
Tue Jul 22 13:05:13 BST 2014
On 22 July 2014 at 16:00:08, Ankur5 C (ankur5.c at tcs.com) wrote:
> > Ok let me pose this like , is there any other mode of authentication
> other than TLS ?
With MQTT you can authenticate using username & password or bypass authentication
and use TLS peer verification. Authentication mechanisms in MQTT (the protocol, not the plugin)
are not pluggable.
RabbitMQ will support TLS certificate authentication [1] for MQTT, too, but currently does not.
> When we create topics , is there any feature of role / user based
> access of those topics?
RabbitMQ itself has fairly flexible authorization:
http://www.rabbitmq.com/access-control.html
but MQTT (the protocol) does not have the concept of topic authorization as of 3.1.1.
So while you can restrict e.g. publishing for MQTT clients (internally, the amq.topic exchange
is used by the MQTT plugin), there is no good way to indicate authorization failures
to MQTT clients.
This is a subject of ongoing debate in the MQTT community, unfortunately, I'm not aware of
any suggested improvements for the future spec revisions.
1. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
More information about the rabbitmq-discuss
mailing list