[rabbitmq-discuss] two factor authentication with tokens

Jerry Kuch jerryk at rbcon.com
Fri Jan 11 18:02:50 GMT 2013


On Fri, Jan 11, 2013 at 9:47 AM, Ben Hood <0x6e6562 at gmail.com> wrote:

>
> Can this also be made to work in conjunction with an LDAP provider, i.e.
> by chaining the supported LDAP backend with a custom backend to
> additionally validate the the token? I wondering whether you can require
> the client to answer both a username/password challenge (evaluated by the
> supported LDAP auth backend) as well as having the token checked by the the
> custom backend? Does the protocol and wiring flow allow for the LDAP
> backend to get re-used in this way or would you need to implement the
> custom backend that wraps the lookup against the LDAP directory and the
> lookup against the Radius server?
>

If I recall correctly, one backend or the other would have to know about
the other one and take care of the chaining rather than something like this
being possible in the Rabbit configuration.  The backend chosen to go with
a given connection is basically the first one in the rabbitmq.config file's
list of backends that succeeds as they're tried in order, and is bound
irrevocably to that session thereafter.

Pursuing this outcome you might be able to call into specific parts of the
LDAP backend as helpers, but a good hunk of your hybrid auth logic would be
in your plugin itself.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130111/c60b66d4/attachment.htm>


More information about the rabbitmq-discuss mailing list