[rabbitmq-discuss] using rabbitmq with active directory without sending password.

gabriel.dausque at gdfsueztrading.com gabriel.dausque at gdfsueztrading.com
Tue Dec 10 19:12:01 GMT 2013


Hello,

Because of new recommendation asked by our Security officer, we must add secure authentication to access rabbitmq.

To do that, we are experiencing the usage of ldap plugin with a .Net client in front of it, but I I'm quite surprise to be forced to send the windows user password to the rabbitmq server in order for it to check the identity of the user  as it seems to be a very bad security practice to ask for the already authenticated user its password and reuse it, and also my security officer will not validate that kind of solution.

Is there a way to only check that the user is already authenticated without explicit login/password using ldap authentication ?

Best regards

Gabriel DAUSQUE
Expert SI Meteor FPR
Tel : 01 56 65 66 68
Mail : gabriel.dausque at gdfsueztrading.com

___________________________________________________________________ 

This message (including any attachments) and its content are confidential, meant solely for the addressees. 
The views expressed in this message are those of its author and do not necessarily represent the opinion of GDF SUEZ Trading. 
If you are not the intended recipient please notify the sender immediately and destroy this e-mail. 
Any unauthorised copying, use, disclosure or distribution of the content of this e-mail is strictly forbidden. 
GDF SUEZ Trading shall not be liable for the message if altered, changed or falsified or computer virus contained. 
___________________________________________________________________ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131210/91aa58ad/attachment.html>


More information about the rabbitmq-discuss mailing list