[rabbitmq-discuss] Securing RabbitMQ
Alexandru Scvortov
alexandru at rabbitmq.com
Mon Jan 30 23:36:56 GMT 2012
(posting again to the m/l)
> Quick q: does RabbitMQ allow presenting a hashed password?
No. The authentication system is pluggable, though, so you could
easily write your own mechanism (see the src/rabbit_auth_mechanism_*
files in the broker source tree for examples).
Cheers,
Alex
On Mon, Jan 30, 2012 at 02:47:00PM -0500, Bell, Paul M. wrote:
> Thank you both.
>
> Quick q: does RabbitMQ allow presenting a hashed password?
>
> For example, you can configure a filer to accept MD5 hashed passwords. The principal that wants to authenticate with the filer hashes its password via MD5 and places the hashed password on the wire to the filer.
>
> -paul
>
> On Jan 30, 2012, at 5:13 AM, "Alexandru Scvorţov" <alexandru at rabbitmq.com> wrote:
>
> >> I tested this plugin some months ago and I found it very useful, my only concern is that it didn't support the CRL feature. The problem was due to the OpensSSL library used by erlang which didn't implement the CRL check, but AFAIK there was a plan to release a new version of that module from erlang team.
> >> Is there some news about that?
> >
> > As of R15B (released a month ago), they still don't support CRLs.
> >
> > Cheers,
> > Alex
> >
> > On Mon, Jan 30, 2012 at 09:43:40AM +0000, Rosa, Andrea wrote:
> >> Hi
> >>
> >>> You could just not use passwords. If you use SSL connections, RabbitMQ
> >>> can authenticate users by the certificate they provide.
> >>>
> >>> See the auth-mechanism-ssl plugin for details:
> >>> http://hg.rabbitmq.com/rabbitmq-auth-mechanism-ssl/file/default/README
> >>
> >> I tested this plugin some months ago and I found it very useful, my only concern is that it didn't support the CRL feature. The problem was due to the OpensSSL library used by erlang which didn't implement the CRL check, but AFAIK there was a plan to release a new version of that module from erlang team.
> >> Is there some news about that?
> >>
> >> Cheers
> >> --
> >> Andrea Rosa
> > _______________________________________________
> > rabbitmq-discuss mailing list
> > rabbitmq-discuss at lists.rabbitmq.com
> > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
>
>
> ATTENTION: -----
>
> The information contained in this message (including any files transmitted with this message) may contain proprietary, trade secret or other confidential and/or legally privileged information. Any pricing information contained in this message or in any files transmitted with this message is always confidential and cannot be shared with any third parties without prior written approval from Syncsort. This message is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any use, disclosure, copying or distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and/or Syncsort and destroy all copies of this message in your possession, custody or control.
More information about the rabbitmq-discuss
mailing list