<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi all,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m investigating using RabbitMQ as part of a project and I’ve got a question about client authentication. Right now, the clients in this project (users, daemons, etc.) all have X.509 certificates. It would be very useful if these identities could be used for authentication and authorization in RabbitMQ.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I found the SSL documentation for RabbitMQ and I’ve been working on configuring a RabbitMQ service to support SSL. However, it appears that even if the client program presents a certificate for authentication, this identity doesn’t seem to be used by RabbitMQ. The client still needs to present a username/password – this is what I’d like to avoid.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is it currently possible to use the DN in the client certificate as the identity of the client? I found a thread about this on the email list (<a href="http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2009-July/004045.html">http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2009-July/004045.html</a>) and the conclusion seemed to be that using the client DN was possible with some modifications to RabbitMQ and that someone was going to take a look at it. 
I don’t see it referenced anywhere else, so maybe it didn’t happen.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The approach of mapping the DN in a client certificate to a RabbitMQ username and then doing authorization based on that username seems like it would work fine for what I’m trying to do, btw.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Warren<o:p></o:p></p></div></body></html>