[rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin

Matthias Radestock matthias at rabbitmq.com
Thu Jul 29 09:23:25 BST 2010


On 26/07/10 16:40, Scott Brooks wrote:
> Ok, I'll see what I can do for points 2/3
> For #1, I guess I would need to make it so permissions can be set on
> non existent users then?

yes, you would have to do that, but ...

> Also, here is the use case I'd be looking to use this to solve.
> I'm exposing RabbitMQ to the Internet, and don't want to have to share
> a username/password.
> I also don't want to have to maintain two sets of users, and two sets
> of passwords/permissions.
> Assuming I do the above so you can set permissions ahead of time for
> all your users, it's not really much more work to just create the
> users then as well.

Fair point. An alternative would be to map all users authenticated via 
the plug-in to a single, ordinary rabbit user for the purposes of 
authorisation. That feels like a kludge though, and the same effect 
could be achieved by making authorisation pluggable and then simply have 
the plug-in perform the mapping and checks.

So I guess the plug-in's API should cover both authentication and 
authorisation after all.



More information about the rabbitmq-discuss mailing list