[rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin
Matthias Radestock
matthias at rabbitmq.com
Thu Jul 29 09:23:25 BST 2010
Scott,
On 26/07/10 16:40, Scott Brooks wrote:
> Ok, I'll see what I can do for points 2/3
>
> For #1, I guess I would need to make it so permissions can be set on
> non existent users then?
yes, you would have to do that, but ...
> Also, here is the use case I'd be looking to use this to solve.
> I'm exposing RabbitMQ to the Internet, and don't want to have to share
> a username/password.
> I also don't want to have to maintain two sets of users, and two sets
> of passwords/permissions.
>
> Assuming I do the above so you can set permissions ahead of time for
> all your users, it's not really much more work to just create the
> users then as well.
Fair point. An alternative would be to map all users authenticated via
the plug-in to a single, ordinary rabbit user for the purposes of
authorisation. That feels like a kludge though, and the same effect
could be achieved by making authorisation pluggable and then simply have
the plug-in perform the mapping and checks.
So I guess the plug-in's API should cover both authentication and
authorisation after all.
Regards,
Matthias.
More information about the rabbitmq-discuss
mailing list