[rabbitmq-discuss] x509 proxy file for user authentication
Doug Benjamin
dougbenjaminatwork at gmail.com
Tue Apr 22 03:58:34 BST 2014
Hello,
I was wondering about the status of using a x509 proxy file
for user authentication using a python client code and rabbitmq server.
If possible I would like to avoid having to pass a password for
authentication,
as I would have to place the password in a text file on the client machine.
(Does code exist to use an encrypted shared secret?)
When connecting to a globus gridftp server, I can use my x509 proxy file.
The
globus gridftp server contains a text file that maps DN to user name. I
would
like to do the same with my rabbitmq server.
I would like to use the ssl certificate log into the rabbit management
and rabbit server ports. When I try to connect to the rabbit management
port I connect vs https but get a login screen requesting username/password.
I am sure that I have something misconfigured.
Here is what I have for my rabbit config file.
[
{rabbit, [
{auth_mechanisms,['EXTERNAL']},
{tcp_listeners, []},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/var/lib/rabbitmq/certs/all_cacerts.pem"},
{certfile,"/var/lib/rabbitmq/certs/hostcert.pem"},
{keyfile,"/var/lib/rabbitmq/certs/hostkey.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,true}]}
]},
{rabbitmq_stomp, [{tcp_listeners,[]},
{ssl_cert_login, true},
{ssl_listeners, [61614]}]},
{rabbitmq_management, [{ listener, [ {port,15671},
{ssl,true},
{ssl_opts,
[{cacertfile,"/var/lib/rabbitmq/certs/all_cacerts.pem"},
{certfile,"/var/lib/rabbitmq/certs/hostcert.pem"},
{keyfile,"/var/lib/rabbitmq/certs/hostkey.pem"}]}
]}
]}
].
Thanks,
Doug Benjamin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140421/1d585dca/attachment.html>
More information about the rabbitmq-discuss
mailing list