[rabbitmq-discuss] two factor authentication with tokens
Ben Hood
0x6e6562 at gmail.com
Fri Jan 11 17:47:03 GMT 2013
Cool.
Can this also be made to work in conjunction with an LDAP provider, i.e. by chaining the supported LDAP backend with a custom backend to additionally validate the the token? I wondering whether you can require the client to answer both a username/password challenge (evaluated by the supported LDAP auth backend) as well as having the token checked by the the custom backend? Does the protocol and wiring flow allow for the LDAP backend to get re-used in this way or would you need to implement the custom backend that wraps the lookup against the LDAP directory and the lookup against the Radius server?
On Friday, 11 January 2013 at 15:01, Simon MacMullen wrote:
> Yes, that's how it's intended to work.
>
> Cheers, Simon
>
> On 11/01/13 14:59, Ben Hood wrote:
> > Hi all,
> >
> > In order to implement this, would this be a case of:
> >
> > * Configure a client side SASLMechanism that supplies a token;
> > * Configure the server to accept this mechanism;
> > * Implement a rabbit_auth_mechanism behavior that defers the
> > processing of the token to some upstream provider;
> >
> > ?
> >
> > Cheers,
> >
> > Ben
> >
> > On Thursday, 10 January 2013 at 00:36, Jerry Kuch wrote:
> >
> > > Hi, Thomas:
> > >
> > > Not out of the box... although the Rabbit authentication and
> > > authorization mechanisms are pluggable and can be replaced if one is
> > > willing to write a bit of Erlang.
> > >
> > > To that end, how does one implement the server end of RSA-token based
> > > two factor authentication? Is there an SDK or APIs that one must gain
> > > access to?
> > >
> > > Also, two factor auth seems most useful when there's a human involved
> > > in the log-on process, something which for a messaging broker may
> > > often not really be true. Can you say more about the nature of your
> > > desire for RSA two factor with Rabbit?
> > >
> > > Best regards,
> > > Jerry
> > >
> > > _______________________________________________
> > > rabbitmq-discuss mailing list
> > > rabbitmq-discuss at lists.rabbitmq.com (mailto:rabbitmq-discuss at lists.rabbitmq.com)
> > > <mailto:rabbitmq-discuss at lists.rabbitmq.com>
> > > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
> > >
> >
> >
> >
> >
> > _______________________________________________
> > rabbitmq-discuss mailing list
> > rabbitmq-discuss at lists.rabbitmq.com (mailto:rabbitmq-discuss at lists.rabbitmq.com)
> > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
> >
>
>
>
> --
> Simon MacMullen
> RabbitMQ, VMware
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130111/4c6bee24/attachment.htm>
More information about the rabbitmq-discuss
mailing list