[rabbitmq-discuss] ssl certificate to client lookup

Nathaniel Haggard natester at gmail.com
Thu Dec 9 18:56:20 GMT 2010


On Thu, Dec 9, 2010 at 4:27 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 09/12/10 07:53, jiri at krutil.com wrote:
>>
>> Simon,
>>
>>> Also, bug23467 (not yet QAed) allows your clients to use the SASL
>>> EXTERNAL mechanism to log in using a client certificate, which may be
>>> interesting to you.
>>
>> This sounds very promising for us. Can you explain how will that work?
>
> In short: the SASL mechanisms used by the server and clients will become
> configurable and plugin-based. We'll be offering an EXTERNAL plugin that
> uses a verified client certificate for login.
>
>> Will the client identity be extracted from the client certificate's
>> subject?
>
> Yes, ATM it's just the common name from the subject.

What about setting a field in the message header to the common name of
the subject?


>
>> Will the client still need to specify username and password for
>> login?
>
> No.
>
> Cheers, Simon
>
> --
> Simon MacMullen
> Staff Engineer, RabbitMQ
> SpringSource, a division of VMware
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>


More information about the rabbitmq-discuss mailing list