You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Tim Platten <ti...@deutsche-boerse.com> on 2009/12/07 15:48:47 UTC

Remote IP authentication

Hi,

We have a requirement for the Qpid broker to simply authenticate a client
connection using username, password and remote IP address(es). Any
suggestions about how we might go about this? Kerberos is not an option.

TIA,

Tim
-- 
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Remote IP authentication

Posted by Rajith Attapattu <ra...@gmail.com>.

On Mon, Dec 7, 2009 at 10:37 AM, Tim Platten
<ti...@deutsche-boerse.com> wrote:
>
> We need to authenticate that a client is connecting from a known list of
> acceptable IP addresses (for that particular client). We would then maintain
> a list of valid IP addresses per client (username).
>

IMO the preferred solution is to use firewall rules.
But sometimes it may not be possible.
The java broker implements a similar feature if it really needs to be
done at the broker level.
http://qpid.apache.org/ip-whitelisting.html

Looking at the above it seems that we could possibly handle the above
with an extension in the ACL mechanism itself.
The ACL already have code for allow/deny per user/group. So extending
that should be fairly simple.

Regards,

Rajith

> Carl Trieloff wrote:
>>
>> Tim Platten wrote:
>>> Hi,
>>>
>>> We have a requirement for the Qpid broker to simply authenticate a client
>>> connection using username, password and remote IP address(es). Any
>>> suggestions about how we might go about this? Kerberos is not an option.
>>>
>>>
>>
>> Can you explain the "remote IP address(s)" requirement?
>>
>> Carl.
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project:      http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126638.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>



-- 
Regards,

Rajith Attapattu
Red Hat
http://rajith.2rlabs.com/

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Remote IP authentication

Posted by Tim Platten <ti...@deutsche-boerse.com>.

We need to authenticate that a client is connecting from a known list of
acceptable IP addresses (for that particular client). We would then maintain
a list of valid IP addresses per client (username).


Carl Trieloff wrote:
> 
> Tim Platten wrote:
>> Hi,
>>
>> We have a requirement for the Qpid broker to simply authenticate a client
>> connection using username, password and remote IP address(es). Any
>> suggestions about how we might go about this? Kerberos is not an option.
>>
>>   
> 
> Can you explain the "remote IP address(s)" requirement?
> 
> Carl.
> 
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
> 
> 
> 

-- 
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126638.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Remote IP authentication

Posted by Carl Trieloff <cc...@redhat.com>.

Tim Platten wrote:
> Hi,
>
> We have a requirement for the Qpid broker to simply authenticate a client
> connection using username, password and remote IP address(es). Any
> suggestions about how we might go about this? Kerberos is not an option.
>
>   

Can you explain the "remote IP address(s)" requirement?

Carl.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Remote IP authentication

Posted by Tim Platten <ti...@deutsche-boerse.com>.

Thanks all for responding.

I should have mentioned that this is for the C++ broker.

Tim



Marnie McCormack wrote:
> 
> Hi Tim,
> 
> The whitelisting/broker firewall rules on the Java Broker would do this
> for
> you.
> 
> You can read all about it here:
> 
> http://qpid.apache.org/firewall-configuration.html
> 
> Regards,
> Marnie
> 
> On Mon, Dec 7, 2009 at 2:48 PM, Tim Platten <
> tim.platten.ext@deutsche-boerse.com> wrote:
> 
>>
>> Hi,
>>
>> We have a requirement for the Qpid broker to simply authenticate a client
>> connection using username, password and remote IP address(es). Any
>> suggestions about how we might go about this? Kerberos is not an option.
>>
>> TIA,
>>
>> Tim
>> --
>> View this message in context:
>> http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
>> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project:      http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
> 
> 

-- 
View this message in context: http://n2.nabble.com/Remote-IP-authentication-tp4126382p4131033.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: Remote IP authentication

Posted by Marnie McCormack <ma...@googlemail.com>.

Hi Tim,

The whitelisting/broker firewall rules on the Java Broker would do this for
you.

You can read all about it here:

http://qpid.apache.org/firewall-configuration.html

Regards,
Marnie

On Mon, Dec 7, 2009 at 2:48 PM, Tim Platten <
tim.platten.ext@deutsche-boerse.com> wrote:

>
> Hi,
>
> We have a requirement for the Qpid broker to simply authenticate a client
> connection using username, password and remote IP address(es). Any
> suggestions about how we might go about this? Kerberos is not an option.
>
> TIA,
>
> Tim
> --
> View this message in context:
> http://n2.nabble.com/Remote-IP-authentication-tp4126382p4126382.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>