[rabbitmq-discuss] x509 Authentication

• Previous message: [rabbitmq-discuss] x509 Authentication
• Next message: [rabbitmq-discuss] RabbitMQ to the browser - scale question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Warren Smith <wsmith at tacc.utexas.edu> writes:
> I haven't checked back with the developers, but what I ended up doing
> was hacking the rabbit_auth_mechanism_ssl plugin to do what I want (I
> should have created a new plugin, but...).

FWIW, we have a similar need here (use DN rather than CN) but we use
STOMP that does not use rabbit_auth_mechanism_ssl. So I ended up
modifying the STOMP plugin to make it work.

It would really be good to improve X.509 authentication in a consistent
way in RabbitMQ. Things I can think of:
 - use common code between AMQP and STOMP
 - use DN rather than CN, maybe via a configurable option
 - standard DN cleanup (such as your quotes removal)

IMHO, the most tricky part is what to do if the connection has both a
valid certificate and a valid name/password.

Cheers,

Lionel Cons

• Previous message: [rabbitmq-discuss] x509 Authentication
• Next message: [rabbitmq-discuss] RabbitMQ to the browser - scale question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]