[rabbitmq-discuss] Publisher Authentication
jerryk at rbcon.com
Wed Sep 5 19:23:24 BST 2012
On Wed, Sep 5, 2012 at 10:27 AM, Satyarth Negi <snegi at buffalo-studios.com>wrote:
> I am exploring RabbitMQ for use in our backend infrastructure. I have some
> backend servers that will publish to RabbitMQ broker. I am trying to look
> for a good way to authenticate our users. I am inclined towards putting
> ipchain rules to only allow incoming connections from my authorized servers
> and block for the rest.
This is a very reasonable thing to do. Let your trusted pieces of
infrastructure through the firewall to touch the broker, and block others.
> However i am interested to explore what authentication RabbitMQ supports.
> My publishers create persistent connection with Broker and i will prefer
> authentication to happen only during connection setup. What are the best
> practices for my use case ?
You have a variety of authentication mechanisms including:
- The built-in RabbitMQ user database against which one authenticates by
presenting a user name or password (such connections and conversations can
be encrypted by SSL)
- A plugin that allows you to delegate authentication tasks to an LDAP
- Support for the SASL EXTERNAL, where clients are required to present a
client certificate, and the client's identity is determined from that
- The ability to write custom authentication (and even authorization)
plugins if you want to do something more esoteric; note, that to do this
you'll need to write code in Erlang, and learn a bit out how Rabbit's
internals, boot process, plugin system, etc., work.
> Thanks !
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rabbitmq-discuss