[rabbitmq-discuss] Pluggable Authentication back ends?
Scott Brooks
scott at beamdog.com
Wed Jun 16 17:32:16 BST 2010
Yeah, when I was poking around I noticed that it's a pretty small
number of places that it would change.
I'll play around with it a bit and see what I come up with.
Scott
On Wed, Jun 16, 2010 at 10:23 AM, Matthias Radestock
<matthias at rabbitmq.com> wrote:
> Scott,
>
> On 16/06/10 16:49, Scott Brooks wrote:
>>
>> First off congratulations on 1.8.0.
>>
>> Secondly I was looking through the source trying to find a way to
>> extend the authentication code and it looks like there isn't really
>> any way to do it as a plugin.
>>
>> Ideally such a system would operate something like this.
>> 1: Authenticate against rabbits built in user list.
>> 2: If the user is not found, map over a configurable list of
>> gen_server names calling into it with a standard set of messages the
>> gen_server would have to accept.
>> 3: In that users state store which backend authorized them so it can
>> return to that when needing to check permissions, etc.
>>
>> Then I could write a plugin that would create an auth exchange that it
>> could send auth requests to and the equivalent application bound do
>> that exchange replying with auth ok, fail, etc.
>>
>> That would let me lookup and auth against my users database without
>> having to either share a public username and password, or try and sync
>> the two databases.
>>
>> Thoughts?
>
> Ben Hood at LShift (cc'ed) has been looking into something very much like
> this for a client project. I don't think that project has started yet, but
> he may be able to share his thoughts on this subject with you. I reckon the
> changes required to the rabbit core would be very small. So patches are
> welcome.
>
> Caveat: I wouldn't go anywhere near permission checks just yet; things get
> very complicated very quickly if you do, so I'd just focus on authentication
> and leave authorisation as is. Also, I'd start with just being able to
> specify a single authentication module - that's how all the other pluggable
> things work, i.e. one tells rabbit which module to use for a certain piece
> of functionality.
>
>
> Matthias.
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
More information about the rabbitmq-discuss
mailing list