[rabbitmq-discuss] two factor authentication with tokens

Simon MacMullen simon at rabbitmq.com
Thu Jan 17 16:07:15 GMT 2013

On 17/01/13 13:17, Ben Hood wrote:
> What I don't understand about your observation may stem from my
> misunderstanding the flow of the handshake during AMQP connection
> establishment. I was assuming that due to the sequence of AMQP frames
>  defined in the protocol, Rabbit would initially delegate the
> authentication to my custom rabbit_auth_mechanism, which could
> present vhost X. Once this callback has successfully done everything
> it needs to do and returns a user back to Rabbit, then the client
> would be able to send a connection.open frame. At this point, the
> client could potentially encode vhost Y into that frame, and hence
> effectively by-pass the logic of the custom rabbit_auth_mechanism.

Well, assuming you have a rabbit_auth_mechanism and a
rabbit_auth_backend that know about each other, you can have your
rabbit_auth_mechanism return a #user{} containing knowledge of how
authentication was done, and the rabbit_auth_backend could then
reference this when checking whether to allow vhost access. So you can't
determine the auth mechanism based on the vhost (as you state, the
protocol does not allow that) but you can ensure that invalid auth
mechanism / vhost combinations don't grant access, which is the
important bit.

> Having said all of this, in the meantime I've come up with an
> alternative solution - just run separate Rabbit instances for each
> vhost.

...but this is of course simpler.

Cheers, Simon

Simon MacMullen
RabbitMQ, VMware

More information about the rabbitmq-discuss mailing list