You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Tim Platten <ti...@deutsche-boerse.com> on 2009/12/07 15:48:47 UTC
Remote IP authentication
Hi,
We have a requirement for the Qpid broker to simply authenticate a client
connection using username, password and remote IP address(es). Any
suggestions about how we might go about this? Kerberos is not an option.
TIA,
Tim
--
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Remote IP authentication
Posted by Rajith Attapattu <ra...@gmail.com>.
On Mon, Dec 7, 2009 at 10:37 AM, Tim Platten
<ti...@deutsche-boerse.com> wrote:
>
> We need to authenticate that a client is connecting from a known list of
> acceptable IP addresses (for that particular client). We would then maintain
> a list of valid IP addresses per client (username).
>
IMO the preferred solution is to use firewall rules.
But sometimes it may not be possible.
The java broker implements a similar feature if it really needs to be
done at the broker level.
http://qpid.apache.org/ip-whitelisting.html
Looking at the above it seems that we could possibly handle the above
with an extension in the ACL mechanism itself.
The ACL already have code for allow/deny per user/group. So extending
that should be fairly simple.
Regards,
Rajith
> Carl Trieloff wrote:
>>
>> Tim Platten wrote:
>>> Hi,
>>>
>>> We have a requirement for the Qpid broker to simply authenticate a client
>>> connection using username, password and remote IP address(es). Any
>>> suggestions about how we might go about this? Kerberos is not an option.
>>>
>>>
>>
>> Can you explain the "remote IP address(s)" requirement?
>>
>> Carl.
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126638.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
--
Regards,
Rajith Attapattu
Red Hat
http://rajith.2rlabs.com/
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Remote IP authentication
Posted by Tim Platten <ti...@deutsche-boerse.com>.
We need to authenticate that a client is connecting from a known list of
acceptable IP addresses (for that particular client). We would then maintain
a list of valid IP addresses per client (username).
Carl Trieloff wrote:
>
> Tim Platten wrote:
>> Hi,
>>
>> We have a requirement for the Qpid broker to simply authenticate a client
>> connection using username, password and remote IP address(es). Any
>> suggestions about how we might go about this? Kerberos is not an option.
>>
>>
>
> Can you explain the "remote IP address(s)" requirement?
>
> Carl.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
--
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126638.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Remote IP authentication
Posted by Carl Trieloff <cc...@redhat.com>.
Tim Platten wrote:
> Hi,
>
> We have a requirement for the Qpid broker to simply authenticate a client
> connection using username, password and remote IP address(es). Any
> suggestions about how we might go about this? Kerberos is not an option.
>
>
Can you explain the "remote IP address(s)" requirement?
Carl.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Remote IP authentication
Posted by Tim Platten <ti...@deutsche-boerse.com>.
Thanks all for responding.
I should have mentioned that this is for the C++ broker.
Tim
Marnie McCormack wrote:
>
> Hi Tim,
>
> The whitelisting/broker firewall rules on the Java Broker would do this
> for
> you.
>
> You can read all about it here:
>
> http://qpid.apache.org/firewall-configuration.html
>
> Regards,
> Marnie
>
> On Mon, Dec 7, 2009 at 2:48 PM, Tim Platten <
> tim.platten.ext@deutsche-boerse.com> wrote:
>
>>
>> Hi,
>>
>> We have a requirement for the Qpid broker to simply authenticate a client
>> connection using username, password and remote IP address(es). Any
>> suggestions about how we might go about this? Kerberos is not an option.
>>
>> TIA,
>>
>> Tim
>> --
>> View this message in context:
>> http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
>> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
>
--
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4131033.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: Remote IP authentication
Posted by Marnie McCormack <ma...@googlemail.com>.
Hi Tim,
The whitelisting/broker firewall rules on the Java Broker would do this for
you.
You can read all about it here:
http://qpid.apache.org/firewall-configuration.html
Regards,
Marnie
On Mon, Dec 7, 2009 at 2:48 PM, Tim Platten <
tim.platten.ext@deutsche-boerse.com> wrote:
>
> Hi,
>
> We have a requirement for the Qpid broker to simply authenticate a client
> connection using username, password and remote IP address(es). Any
> suggestions about how we might go about this? Kerberos is not an option.
>
> TIA,
>
> Tim
> --
> View this message in context:
> http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>