[zeromq-dev] Is ZMQ_PLAIN authentication supposed to do anything?
MinRK
benjaminrk at gmail.com
Thu Aug 29 01:32:35 CEST 2013
On Sun, Aug 25, 2013 at 1:53 PM, Pieter Hintjens <ph at imatix.com> wrote:
> Failed authentication should cause the socket to be closed. We'll take
> a look at this. Thanks for catching it.
>
Thanks. By closed, you mean the connecting peer (client) should be closed,
or the inner pipe on the server side? What should be the user-visible
symptoms of failed authentication, both on the client side and the server
side, if any? I'm looking to add a failed-auth test to test_security, but
it is unclear to me what the expected behavior is. Is the symptom only
that messages sent do not arrive, or should sending a message not succeed
in the first place?
-MinRK
> On Sun, Aug 25, 2013 at 8:51 PM, MinRK <benjaminrk at gmail.com> wrote:
> > Hello,
> >
> > I'm working on [adding support](https://github.com/zeromq/pyzmq/pull/401
> )
> > for 3.3 bits in pyzmq, and I'm testing the authentication mechanisms. I
> > translated the [security
> > test](
> https://github.com/zeromq/libzmq/blob/master/tests/test_security.cpp)
> > to Python and it ran just fine. However, when I checked to confirm that
> it
> > actually did something, I changed the password to be incorrect - and the
> > test *still* ran fine. This means that ZMQ_PLAIN authentication actually
> > has no effect, and failed authentication doesn't result in any errors,
> and
> > messages still send and receive as normal. I made the same changes to
> the C
> > test with the same result: **failed authentication has no consequence**.
> I
> > confirmed that `receive_and_process_zap_reply` is indeed returning
> `rc=-1`
> > and setting `errno=EACCES`, but this does not seem to have any effect on
> the
> > behavior of the sockets.
> >
> > I assume this is not intended. Is the implementation supposed to be
> complete
> > at this point? And what precisely should be the effect of a failed
> > authentication (i.e. which calls should raise, block, etc.).
> >
> > Thanks,
> > -MinRK
> >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20130828/9c9f48b4/attachment.htm>
More information about the zeromq-dev
mailing list