[zeromq-dev] Is ZMQ_PLAIN authentication supposed to do anything?
Pieter Hintjens
ph at imatix.com
Sun Aug 25 22:53:31 CEST 2013
Failed authentication should cause the socket to be closed. We'll take
a look at this. Thanks for catching it.
On Sun, Aug 25, 2013 at 8:51 PM, MinRK <benjaminrk at gmail.com> wrote:
> Hello,
>
> I'm working on [adding support](https://github.com/zeromq/pyzmq/pull/401)
> for 3.3 bits in pyzmq, and I'm testing the authentication mechanisms. I
> translated the [security
> test](https://github.com/zeromq/libzmq/blob/master/tests/test_security.cpp)
> to Python and it ran just fine. However, when I checked to confirm that it
> actually did something, I changed the password to be incorrect - and the
> test *still* ran fine. This means that ZMQ_PLAIN authentication actually
> has no effect, and failed authentication doesn't result in any errors, and
> messages still send and receive as normal. I made the same changes to the C
> test with the same result: **failed authentication has no consequence**. I
> confirmed that `receive_and_process_zap_reply` is indeed returning `rc=-1`
> and setting `errno=EACCES`, but this does not seem to have any effect on the
> behavior of the sockets.
>
> I assume this is not intended. Is the implementation supposed to be complete
> at this point? And what precisely should be the effect of a failed
> authentication (i.e. which calls should raise, block, etc.).
>
> Thanks,
> -MinRK
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
More information about the zeromq-dev
mailing list