[rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin

• Previous message: [rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin
• Next message: [rabbitmq-discuss] What is a good tradeoff for number of connections and channels/connection for a client ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott,

On 26/07/10 16:40, Scott Brooks wrote:
> Ok, I'll see what I can do for points 2/3
>
> For #1, I guess I would need to make it so permissions can be set on
> non existent users then?

yes, you would have to do that, but ...

> Also, here is the use case I'd be looking to use this to solve.
> I'm exposing RabbitMQ to the Internet, and don't want to have to share
> a username/password.
> I also don't want to have to maintain two sets of users, and two sets
> of passwords/permissions.
>
> Assuming I do the above so you can set permissions ahead of time for
> all your users, it's not really much more work to just create the
> users then as well.

Fair point. An alternative would be to map all users authenticated via 
the plug-in to a single, ordinary rabbit user for the purposes of 
authorisation. That feels like a kludge though, and the same effect 
could be achieved by making authorisation pluggable and then simply have 
the plug-in perform the mapping and checks.

So I guess the plug-in's API should cover both authentication and 
authorisation after all.


Regards,

Matthias.

• Previous message: [rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin
• Next message: [rabbitmq-discuss] What is a good tradeoff for number of connections and channels/connection for a client ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]