[SOLVED] RabbitMQ invalid credentials with valid information for web management interface

RabbitMQ invalid credentials with valid information for web management interface

While trying to configure and create an admin user for rabbitmq with a JSON file. The users are created. But I am getting the following error while logging in with valid credentials from the web management console.

2022-07-22 08:15:56.342071+00:00 [warning] <0.847.0> HTTP access denied: user 'admin' - invalid credentials

My configurations and docker files are as follows.

rabbitmq.config

[
  {rabbit, [
    {loopback_users, [admin]}
  ]},
  {rabbitmq_management, [
    {load_definitions, "/etc/rabbitmq/definitions.json"}
  ]}
].

definitions.json

{
  "users": [
    {
      "name": "guest",
      "password_hash": "abcd",
      "hashing_algorithm": "rabbit_password_hashing_sha256",
      "tags": ""
    },
    {
      "name": "admin",
      "password_hash": "admin123",
      "hashing_algorithm": "rabbit_password_hashing_sha256",
      "tags": "administrator"
    }
  ],
  "vhosts": [
    {
      "name": "/"
    }
  ],
  "permissions": [
    {
      "user": "admin",
      "vhost": "/",
      "configure": ".*",
      "write": ".*",
      "read": ".*"
    }
  ],
}

FROM rabbitmq:3.9-management

COPY conf/rabbitmq.config /etc/rabbitmq/
COPY conf/definitions.json /etc/rabbitmq/
RUN chown rabbitmq:rabbitmq /etc/rabbitmq/rabbitmq.config /etc/rabbitmq/definitions.json

CMD ["rabbitmq-server"]

I also tried to log in with rabbitmqctl

>>rabbitmqctl authenticate_user admin admin123

Authenticating user "admin" ...
Error:
Error: failed to authenticate user "admin"
user 'admin' - invalid credentials

When the password is changed with rabbitmqctl change_password admin admin123 everything seems to work fine.

The only warning in the log on rabbitmq startup is

2022-07-22 08:15:30.218099+00:00 [warning] <0.652.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent": rebuilding indices from scratch

Could someone please tell me the possible cause and solution? If I've missed out anything, over- or under-emphasized a specific point, please let me know in the comments. Thank you so much in advance for your time.

Solution

Your definitions file must contain the HASH of the password, not the password itself. Generally what I do is set a user's password via change_password like you have, then export the current definitions. You'll notice that they contain the hashed password.

You can also generate the hash yourself. See this:

How to generate password_hash for RabbitMQ Management HTTP API