[rabbitmq-discuss] client cert & user/pass authentication
Simon MacMullen
simon at rabbitmq.com
Wed May 8 11:41:47 BST 2013
I'm afraid that's not possible at the moment. I'm not sure whether the
Erlang SSL API lets us determine programmatically whether there is a
client cert and it has been verified. We'll look into this.
Cheers, Simon
On 07/05/13 15:58, Warren Smith wrote:
>
> I'm using the rabbitmq-auth-mechanism-ssl plugin to authenticate
> clients using certificates that the clients present. This is working
> well, but for convenience, I'd also like to allow a few users to
> authenticate using a username/password over an ssl connection.
>
> rabbitmq-auth-mechanism-ssl requires that the ssl_options in the the
> rabbitmq.config include {fail_if_no_peer_cert,true}, so user/pass
> authentication can't be performed. If I try to set it to false, the
> client certificate seems to be ignored.
>
> I have {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']} in the
> rabbitmq.config and users can authenticate over tcp with a user/pass,
> but I'd prefer that they use ssl. Is there a configuration that would
> allow me to support both client certificate and username/password
> authentication over ssl?
>
>
> Thanks,
>
>
> Warren
>
> _______________________________________________ rabbitmq-discuss
> mailing list rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
--
Simon MacMullen
RabbitMQ, Pivotal
More information about the rabbitmq-discuss
mailing list