[rabbitmq-discuss] Publisher Authentication

Jerry Kuch jerryk at rbcon.com
Wed Sep 5 19:23:24 BST 2012


Hi, Satyarh...

On Wed, Sep 5, 2012 at 10:27 AM, Satyarth Negi <snegi at buffalo-studios.com>wrote:

>
> I am exploring RabbitMQ for use in our backend infrastructure. I have some
> backend servers that will publish to RabbitMQ broker. I am trying to look
> for a good way to authenticate our users. I am inclined towards putting
> ipchain rules to only allow incoming connections from my authorized servers
> and block for the rest.
>

This is a very reasonable thing to do.  Let your trusted pieces of
infrastructure through the firewall to touch the broker, and block others.


> However i am interested to explore what authentication RabbitMQ supports.
> My publishers create persistent connection with Broker and i will prefer
> authentication to happen only during connection setup. What are the best
> practices for my use case ?
>

You have a variety of authentication mechanisms including:


   - The built-in RabbitMQ user database against which one authenticates by
   presenting a user name or password (such connections and conversations can
   be encrypted by SSL)
   - A plugin that allows you to delegate authentication tasks to an LDAP
   server
   - Support for the SASL EXTERNAL, where clients are required to present a
   client certificate, and the client's identity is determined from that
   - The ability to write custom authentication (and even authorization)
   plugins if you want to do something more esoteric; note, that to do this
   you'll need to write code in Erlang, and learn a bit out how Rabbit's
   internals, boot process, plugin system, etc., work.



> Thanks !
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120905/021853e4/attachment.htm>


More information about the rabbitmq-discuss mailing list