<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Verdana","sans-serif";
        color:blue;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana","sans-serif";
color:blue'>Would I need a separate certificate for each user? Does peer
certificate verification bypass normal username and password checking?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana","sans-serif";
color:blue'>Dan.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p>&nbsp;</o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Mark Steele
[mailto:msteele@beringmedia.com] <br>
<b>Sent:</b> 15 July 2010 14:52<br>
<b>To:</b> Dan Wise<br>
<b>Cc:</b> rabbitmq-discuss@lists.rabbitmq.com<br>
<b>Subject:</b> Re: [rabbitmq-discuss] Authenticating users via SSPI<o:p></o:p></span></p>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>You could use PKI and store the certificates in LDAP. Have
your app use the current credentials of the user to grab the certificate and
connect to rabbit over SSL with peer certificate verification enabled.<o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'><br clear=all>
Mark Steele<br>
Director of development<br>
Bering Media Inc.<br>
<br>
<br>
<o:p></o:p></p>

<div>

<p class=MsoNormal>On Thu, Jul 15, 2010 at 5:53 AM, Dan Wise &lt;<a
href="mailto:Dan.Wise@ignisasset.com">Dan.Wise@ignisasset.com</a>&gt; wrote:<o:p></o:p></p>

<div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>Hi,</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>We have a number of Windows users who want
to use our rabbitmq messaging. However we need to ensure that we authenticate
them without them having to enter their Windows passwords and syncing with the
rabbitmq user passwords.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>Has anyone looked at a mechanism for using
SSPI authentication to allow clients to connect? This is surely a common
challenge, particularly in an organisation where there are large numbers of
users and the job of providing and maintaining separate passwords for different
systems is hugs.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>Thanks,</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:9.0pt;color:navy'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-autospace:none'><b><span style='font-size:10.0pt;color:#1F497D'>Dan Wise</span></b><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-autospace:none'><b><span style='font-size:10.0pt;color:#1F497D'>&nbsp;</span></b><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p>

</div>

<p class=MsoNormal>**************************************************************<br>
<br>
Visit our Website at <a href="http://www.ignisasset.com/" target="_blank">http://www.ignisasset.com/</a>
<br>
The information contained in this email (including any attachments transmitted
within it) is confidential and is intended solely for the use of the named
person. <br>
The unauthorised access, copying or re-use of the information in it by any
other person is strictly forbidden. <br>
If you are not the intended recipient please notify us immediately by return
email to <a href="mailto:postmaster@ignisasset.com" target="_blank">postmaster@ignisasset.com</a>.<br>
<br>
Internet communication is not guaranteed to be timely, secure, error or virus
free. We accept no liability for any harm to systems or data, nor for personal
emails. Emails may be recalled, deleted and monitored.<br>
<br>
Ignis Asset Management is the trading name of the Ignis Asset Management
Limited group of companies which includes the following subsidiary and
associated companies: Ignis Asset Management Limited (Registered in Scotland
No. SC200801), Ignis Investment Services Limited* (Registered in Scotland No.
SC101825) <br>
Ignis Fund Managers Limited* (Registered in Scotland No. SC85610) Scottish
Mutual Investment Managers Limited* (Registered in Scotland No. SC88674) <br>
Registered Office: 50 Bothwell Street, Glasgow, G2 6HR, Tel: 0141-222-8000 and
Scottish Mutual PEP &amp; ISA Managers Limited* (Registered in England No.
971504)<br>
Registered Office: 1 Wythall Green Way, Wythall, Birmingham B47 6WG and Ignis
Investment Management Limited* (Registered in England No. 5809046) <br>
Registered Office: Sentinel House, 16 Harcourt Street, London, W1H 4AD.
Scottish Mutual is a registered trade mark of Scottish Mutual Assurance Limited<br>
<br>
*Authorised and regulated by the Financial Services Authority.<br>
<br>
**************************************************************<o:p></o:p></p>

</div>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>
_______________________________________________<br>
rabbitmq-discuss mailing list<br>
<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a><br>
<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss"
target="_blank">https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss</a><o:p></o:p></p>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

</div>

</body>

</html>