AMQP 0-9-1 requires brokers to terminate the network connection if an authentication failure occurs during connection establishment. This makes it difficult for clients to distinguish such authentication failures from genuine network interruptions during the early stages of connection establishment. The RabbitMQ broker offers explicit authentication failure notifications for clients that advertise their capacity to receive such notifications.
The broker will report failures differently depending on the presence of the authentication_failure_close capability. If this capability is absent then authentication failures are reported in the legacy fashion: by abruptly closing the network connection. If this capability is present then the broker will send a connection.close command to the client indicating ACCESS_REFUSED as the reason. The broker will create a log entry for the authentication failure in either case.