|
|
12
|
|
Hi,
Is there any broker bridge concept against
rabbitmq MQTT plugin , as there is one in Mosquito ?
And also how can we scale rabbit mq?
Can you refer any architectural diagram
for RabbitMQ MQTT plugin.
Thanks ,
Ankur.
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Hi,
I want the default user guest to work
from remote host.
My rabbitmq config file looks like :
[{rabbit, [{tcp_listeners,
[5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]},
{rabbitmq_mqtt, [{default_user,
<<"guest">>},
{default_pass, <<"guest">>},
{loopback_users,
[]},
{allow_anonymous, true},
{vhost,
<<"/">>},
{subscription_ttl, 1800000},
{prefetch, 10},
{ssl_listeners, [8883]},
{tcp_listeners, [1883]},
{tcp_listen_options, [binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true}]}]}
].
I have mentioned the {loopback_users,
[]} , and even after restarting the rabbitmq server my mqtt client is saying
Not authorized to connect
and the logs reveal , MQTT login failed for "guest" access_refused
(access must be from localhost).
Please suggest.
From,local host all is well.
Thanks and Regards,
Ankur Chakraborty
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Thanks , I am going to use a new user.
Is it the right way . This time I am getting Bad
user name or password (4). How to
set up a new user ?
[{rabbit, [{tcp_listeners,
[5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]},
{rabbitmq_mqtt, [{default_user,
<<"cto">>},
{default_pass, <<"cto">>},
{allow_anonymous,
true},
{vhost,
<<"/">>},
{subscription_ttl, 1800000},
{prefetch, 10},
{ssl_listeners, [8883]},
{tcp_listeners, [1883]},
{tcp_listen_options, [binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true}]}]}
].
Thanks and Regards,
Ankur Chakraborty
From:
Michael Klishin <[hidden email]>
To:
Ankur5 C <[hidden email]>
Cc:
Legacy list about RabbitMQ
<[hidden email]>
Date:
18-07-2014 14:33
Subject:
Re: [rabbitmq-discuss]
MQTT login failed for "guest" access_refused even after mentioning
loopback_users
On 18 July 2014 at 13:00:44, Ankur5 C ([hidden email])
wrote:
> > {loopback_users, []}
loopback_users is a RabbitMQ server config setting, not the MQTT plugin.
The example on http://www.rabbitmq.com/access-control.html
includes it in
the "rabbit" app config.
It is also highly recommended to use a new user with non-obvious credentials
rather than enabling remote access for "guest".
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
(18/07/14 10:17), Ankur5 C wrote:
Thanks , I am going
to use a new user.
Is it the right way . This time I am getting Bad
user name or password (4).
How to
set up a new user ?
[{rabbit,
[{tcp_listeners,
[5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]},
{rabbitmq_mqtt,
[{default_user,
<<"cto">>},
{default_pass, <<"cto">>},
...
Just to throw in my 2c, the default_user/default_pass are
only applied in the broker when it starts up with an empty database,
so when it first starts or after a rabbitmqctl reset. So,
whilst you could do that, Michael's suggestion of using rabbitmqctl
add_user is virtually always what you want.
Hope that's useful.
Thanks and Regards,
Ankur Chakraborty
From:
Michael Klishin
[hidden email]
To:
Ankur5 C
[hidden email]
Cc:
Legacy list about
RabbitMQ
[hidden email]
Date:
18-07-2014 14:33
Subject:
Re:
[rabbitmq-discuss]
MQTT login failed for "guest" access_refused even after
mentioning
loopback_users
On 18 July 2014 at 13:00:44, Ankur5 C
([hidden email])
wrote:
> > {loopback_users, []}
loopback_users is a RabbitMQ server config setting, not the
MQTT plugin.
The example on http://www.rabbitmq.com/access-control.html
includes it in
the "rabbit" app config.
It is also highly recommended to use a new user with
non-obvious credentials
rather than enabling remote access for "guest".
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Also sharing my client code : Do I need to use any user name and password
at the client end?
try {
client = new MqttClient(
"tcp://ec2-54-179-77-171.ap-southeast-1.compute.amazonaws.com:1883",
"AmazonTest");
client.connect();
System.out.println("Connection status :: "+client
.isConnected());
int i=0;
MqttMessage message = new MqttMessage();
while(true){
try {
i++;
Thread.sleep(1000);
message.setPayload(("Hii I am Raspberry
PI!!!"+Integer.toString(i)).getBytes());
client.publish("Raspberry/test", message);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
} catch (MqttException e) {
e.printStackTrace();
}
}
Thanks and Regards,
Ankur Chakraborty
Tata Consultancy Services
Mailto: [hidden email]
Website: http://www.tcs.com____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From: Ankur5 C/KOL/TCS
To: Michael Klishin < [hidden email]>
Cc: Legacy list about RabbitMQ
< [hidden email]>
Date: 18-07-2014 14:46
Subject: Re: [rabbitmq-discuss] MQTT login failed for "guest"
access_refused even after mentioning loopback_users
Thanks , I am going to use a new user. Is it the right way . This time I am
getting Bad user name or password (4). How to set up a new user ?
[{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]},
{rabbitmq_mqtt, [{default_user, <<"cto">>},
{default_pass, <<"cto">>},
{allow_anonymous, true},
{vhost, <<"/">>},
{subscription_ttl, 1800000},
{prefetch, 10},
{ssl_listeners, [8883]},
{tcp_listeners, [1883]},
{tcp_listen_options, [binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true}]}]}
].
Thanks and Regards,
Ankur Chakraborty
From: Michael Klishin < [hidden email]>
To: Ankur5 C < [hidden email]>
Cc: Legacy list about RabbitMQ
< [hidden email]>
Date: 18-07-2014 14:33
Subject: Re: [rabbitmq-discuss] MQTT login failed for "guest"
access_refused even after mentioning loopback_users
On 18 July 2014 at 13:00:44, Ankur5 C ( [hidden email]) wrote:
> > {loopback_users, []}
loopback_users is a RabbitMQ server config setting, not the MQTT plugin.
The example on http://www.rabbitmq.com/access-control.html includes it in
the "rabbit" app config.
It is also highly recommended to use a new user with non-obvious
credentials
rather than enabling remote access for "guest".
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
ok , great i will use guest as default
user and pass.
This is my rabbit config file :
[{rabbit, [{tcp_listeners,
[5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]},
{rabbitmq_mqtt, [{default_user,
<<"guest">>},
{default_pass, <<"guest">>},
{allow_anonymous, true},
{vhost,
<<"/">>},
{subscription_ttl, 1800000},
{prefetch, 10},
{ssl_listeners, [8883]},
{tcp_listeners, [1883]},
{tcp_listen_options, [binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true}]}]}
].
Please let me know where should I provide
the loopback_users ?
Ankur Chakraborty
Tata Consultancy Services
Plot C, Block EP ,
Salt Lake Electronics Complex
Kolkata - 700091,West Bengal
India
Ph:- +913366367304
Buzz:- 4337304
Mailto: [hidden email]
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From:
Michael Klishin <[hidden email]>
To:
Ankur5 C <[hidden email]>
Cc:
Legacy list about RabbitMQ
<[hidden email]>
Date:
18-07-2014 15:22
Subject:
Re: [rabbitmq-discuss]
MQTT login failed for "guest" access_refused even after mentioning
loopback_users
On 18 July 2014 at 13:43:32, Ankur5 C ([hidden email])
wrote:
> > Also sharing my client code : Do I need to use any user name
and
> password
> at the client end?
You can configure MQTT plugin to not perform authentication as authentication
is optional in MQTT:
http://www.rabbitmq.com/mqtt.html
If you ask me, this is a terrible MQTT feature (and in fact
I know that some MQTT-based services reject unauthenticated clients).
But if you use default_user and default_pass, you do not need to provide
any credentials. That's why default_user/default_pass are there.
Again, this is pretty clearly documented in http://www.rabbitmq.com/mqtt.html.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
On 18 July 2014 at 14:33:02, Ankur5 C ( [hidden email]) wrote:
> > Please let me know where should I provide the loopback_users
> ?
This is documented with an example in http://www.rabbitmq.com/access-control.html:[{rabbit, [{loopback_users, []}]}].
So, in your case it becomes
{rabbit, [{loopback_users, []}
{tcp_listeners, [5672]},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer}]}
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Hi,
Just wanted to know using Paho java
client how can I connect a rabbit mq mqtt broker using username and password.
At the broker side I have to add user
and password and add the user from rabbitmq ctl. Then what should be done
at the paho java client end ?
Please suggest with example.
Thanks and Regards,
Ankur Chakraborty
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
On 22 July 2014 at 10:52:11, Ankur5 C ( [hidden email]) wrote:
> > Just wanted to know using Paho java client how can I connect a
> rabbit mq mqtt broker using username and password.
>
> At the broker side I have to add user and password and add the user
> from rabbitmq ctl. Then what should be done at the paho java client
> end ?
>
> Please suggest with example.
Ankur,
You don't need to configure anything
in the Paho Java client, just provide a URI, client-id and (possibly) client WAL/persister.
This is what two MqttClient constructors do:
http://www.eclipse.org/paho/files/javadoc/index.htmlAlso, you do not technically have to add a new user to RabbitMQ but if you connect
from remote hosts and want to use reasonable security practices, that's a good idea.
That said, in the latter case non-authenticated connections is not what you want.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
So if I do not use SSL , in that case how
does the authentication occur? Anyone who is aware of the uri can post
data to a topic with a client id ?
What is the significance of the user
and pass (mentioned as default user and pass) mentioned in the rabbit config
file?
I am using the default one and using
the tag loopback_users, [] for connecting from
remote host. All is working fine.
Thanks and Regards,
Ankur Chakraborty
From:
Michael Klishin <[hidden email]>
To:
Ankur5 C <[hidden email]>
Cc:
Legacy list about RabbitMQ
<[hidden email]>
Date:
22-07-2014 15:53
Subject:
Re: [rabbitmq-discuss]
MQTT login failed for "guest" access_refused even after mentioning
loopback_users
On 22 July 2014 at 10:52:11, Ankur5 C ([hidden email])
wrote:
> > Just wanted to know using Paho java client how can I connect
a
> rabbit mq mqtt broker using username and password.
>
> At the broker side I have to add user and password and add the user
> from rabbitmq ctl. Then what should be done at the paho java client
> end ?
>
> Please suggest with example.
Ankur,
You don't need to configure anything
in the Paho Java client, just provide a URI, client-id and (possibly) client
WAL/persister.
This is what two MqttClient constructors do:
http://www.eclipse.org/paho/files/javadoc/index.html
Also, you do not technically have to add a new user to RabbitMQ but if
you connect
from remote hosts and want to use reasonable security practices, that's
a good idea.
That said, in the latter case non-authenticated connections is not what
you want.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
On 22 July 2014 at 15:41:40, Ankur5 C ( [hidden email]) wrote:
> > So if I do not use SSL , in that case how does the authentication
> occur?
If you configure RabbitMQ to verify peer, the client will be authenticated.
Paho can be configured to perform TLS verification, too.
http://www.rabbitmq.com/ssl.htmlDifferent clients expose different APIs for enabling/disabling peer verification.
There are 3 examples that demonstrate how MQTT clients can be set up to use TLS
with peer verification, including 2 Paho clients (Java and Python):
https://github.com/michaelklishin/mqtt-tls-playground> Anyone who is aware of the uri can post data to a topic with
> a client id ?
You do not post data to URIs in MQTT. You open a long-running connection
using a URI and client-id, then publish messages using a separate protocol
frame (which clients expose as a separate API function/method).
In Paho, the method is MqttClient#publish:
http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttClient.html#publish(java.lang.String, byte[], int, boolean)
Sorry to point this out but this is really basic ,
a software engineer should be able to figure this out on her own quite quickly.
> What is the significance of the user and pass (mentioned as default
> user and pass) mentioned in the rabbit config file?
We are going in circles on this. This is documented quite clearly:
http://www.rabbitmq.com/mqtt.html> I am using the default one and using the tag loopback_users, []
> for connecting from remote host. All is working fine.
That can work but now it is possible to connect to your RabbitMQ node
using well-known credentials of an administrative user. Doesn't sound incredibly
secure to me.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
I guess I am not able to clarify my question.
Ok let me pose this like , is there
any other mode of authentication other than TLS ?
When we create topics , is there any
feature of role / user based access of those topics?
Thanks and Regards,
Ankur Chakraborty
From:
Michael Klishin <[hidden email]>
To:
Ankur5 C <[hidden email]>
Cc:
Legacy list about RabbitMQ
<[hidden email]>
Date:
22-07-2014 17:22
Subject:
Re: [rabbitmq-discuss]
MQTT login failed for "guest" access_refused even after mentioning
loopback_users
On 22 July 2014 at 15:41:40, Ankur5 C ([hidden email])
wrote:
> > So if I do not use SSL , in that case how does the authentication
> occur?
If you configure RabbitMQ to verify peer, the client will be authenticated.
Paho can be configured to perform TLS verification, too.
http://www.rabbitmq.com/ssl.html
Different clients expose different APIs for enabling/disabling peer verification.
There are 3 examples that demonstrate how MQTT clients can be set up to
use TLS
with peer verification, including 2 Paho clients (Java and Python):
https://github.com/michaelklishin/mqtt-tls-playground
> Anyone who is aware of the uri can post data to a topic with
> a client id ?
You do not post data to URIs in MQTT. You open a long-running connection
using a URI and client-id, then publish messages using a separate protocol
frame (which clients expose as a separate API function/method).
In Paho, the method is MqttClient#publish:
http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttClient.html#publish(java.lang.String,
byte[], int, boolean)
Sorry to point this out but this is really basic ,
a software engineer should be able to figure this out on her own quite
quickly.
> What is the significance of the user and pass (mentioned as default
> user and pass) mentioned in the rabbit config file?
We are going in circles on this. This is documented quite clearly:
http://www.rabbitmq.com/mqtt.html
> I am using the default one and using the tag loopback_users, []
> for connecting from remote host. All is working fine.
That can work but now it is possible to connect to your RabbitMQ node
using well-known credentials of an administrative user. Doesn't sound incredibly
secure to me.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
On 22 July 2014 at 16:00:08, Ankur5 C ( [hidden email]) wrote:
> > Ok let me pose this like , is there any other mode of authentication
> other than TLS ?
With MQTT you can authenticate using username & password or bypass authentication
and use TLS peer verification. Authentication mechanisms in MQTT (the protocol, not the plugin)
are not pluggable.
RabbitMQ will support TLS certificate authentication [1] for MQTT, too, but currently does not.
> When we create topics , is there any feature of role / user based
> access of those topics?
RabbitMQ itself has fairly flexible authorization:
http://www.rabbitmq.com/access-control.htmlbut MQTT (the protocol) does not have the concept of topic authorization as of 3.1.1.
So while you can restrict e.g. publishing for MQTT clients (internally, the amq.topic exchange
is used by the MQTT plugin), there is no good way to indicate authorization failures
to MQTT clients.
This is a subject of ongoing debate in the MQTT community, unfortunately, I'm not aware of
any suggested improvements for the future spec revisions.
1. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl--
MK
Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Hi,
Is there any plan to implement rabbitmq's
topic authorization and authentication ? Our requirement is the same as
mentioned in :
https://stormpath.com/blog/lightweight-authentication-and-authorization-for-mqtt-with-stormpath/
Topic based authorization and authentication
is required against the MQTT plugin of rabbitmq.
Thanks and Regards,
Ankur Chakraborty
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
|
|
Hi,
I am trying to connect rabbitmq over
the ssl port but I am getting :
accepting AMQP connection <0.231.0>
(192.168.161.171:65208 -> 192.168.161.197:5671)
=ERROR REPORT==== 30-Jul-2014::17:53:07
===
error on AMQP connection <0.231.0>:
{ssl_upgrade_error,timeout}
My config file is :
[{rabbit, [{tcp_listeners,
[5672]},{ssl_listeners, [5671]},
{ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
{certfile,"/etc/rabbitmq/server/cert.pem"},
{keyfile,"/etc/rabbitmq/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}]}
].
I am using the example https://www.rabbitmq.com/ssl.html
, Connecting without validating certificates.
Please suggest.
Thanks and Regards,
Ankur Chakraborty
From:
Michael Klishin <[hidden email]>
To:
Ankur5 C <[hidden email]>
Cc:
Legacy list about RabbitMQ
<[hidden email]>
Date:
29-07-2014 10:57
Subject:
Re: [rabbitmq-discuss]
Topic authorization and authentication
On 29 July 2014 at 09:25:39, Ankur5 C ([hidden email])
wrote:
> > Is there any plan to implement rabbitmq's topic authorization
> and authentication ? Our requirement is the same as mentioned
> in :
>
> https://stormpath.com/blog/lightweight-authentication-and-authorization-for-mqtt-with-stormpath/
>
> Topic based authorization and authentication is required against
> the MQTT plugin of rabbitmq.
MQTT 3.1.1 (the protocol) does not have a concept of topic authorization.
As soon as it does, we'll look into adding it to RabbitMQ MQTT plugin.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
|
12
|
Locked
