Quantcast

using rabbitmq with active directory without sending password.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

using rabbitmq with active directory without sending password.

GabrielD

Hello,

 

Because of new recommendation asked by our Security officer, we must add secure authentication to access rabbitmq.

 

To do that, we are experiencing the usage of ldap plugin with a .Net client in front of it, but I I’m quite surprise to be forced to send the windows user password to the rabbitmq server in order for it to check the identity of the user  as it seems to be a very bad security practice to ask for the already authenticated user its password and reuse it, and also my security officer will not validate that kind of solution.

 

Is there a way to only check that the user is already authenticated without explicit login/password using ldap authentication ?

 

Best regards

 

Gabriel DAUSQUE

Expert SI Meteor FPR

Tel : 01 56 65 66 68

Mail : [hidden email]

 

___________________________________________________________________

This message (including any attachments) and its content are confidential, meant solely for the addressees.
The views expressed in this message are those of its author and do not necessarily represent the opinion of GDF SUEZ Trading.
If you are not the intended recipient please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, use, disclosure or distribution of the content of this e-mail is strictly forbidden.
GDF SUEZ Trading shall not be liable for the message if altered, changed or falsified or computer virus contained.
___________________________________________________________________


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using rabbitmq with active directory without sending password.

Simon MacMullen-2
I think you are asking for SSO integration with a logged in Windows
user? I'm afraid RabbitMQ doesn't support that.

Cheers, Simon

On 10/12/13 19:12, [hidden email] wrote:

> Hello,
>
> Because of new recommendation asked by our Security officer, we must add
> secure authentication to access rabbitmq.
>
> To do that, we are experiencing the usage of ldap plugin with a .Net
> client in front of it, but I I’m quite surprise to be forced to send the
> windows user password to the rabbitmq server in order for it to check
> the identity of the user  as it seems to be a very bad security practice
> to ask for the already authenticated user its password and reuse it, and
> also my security officer will not validate that kind of solution.
>
> Is there a way to only check that the user is already authenticated
> without explicit login/password using ldap authentication ?
>
> Best regards
>
> Gabriel DAUSQUE
>
> Expert SI Meteor FPR
>
> Tel : 01 56 65 66 68
>
> Mail : [hidden email]
>
> ___________________________________________________________________
>
> This message (including any attachments) and its content are
> confidential, meant solely for the addressees.
> The views expressed in this message are those of its author and do not
> necessarily represent the opinion of GDF SUEZ Trading.
> If you are not the intended recipient please notify the sender
> immediately and destroy this e-mail.
> Any unauthorised copying, use, disclosure or distribution of the content
> of this e-mail is strictly forbidden.
> GDF SUEZ Trading shall not be liable for the message if altered, changed
> or falsified or computer virus contained.
> ___________________________________________________________________
>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> [hidden email]
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>


--
Simon MacMullen
RabbitMQ, Pivotal
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using rabbitmq with active directory without sending password.

GabrielD
Yep that's right.

It's for SSO integration. Ok if it is not supported, we might find another solution !

thanks

Cordialement

Gabriel DAUSQUE
Expert SI Meteor FPR
Tel : 01 56 65 66 68
Mail : [hidden email]

-----Original Message-----
From: Simon MacMullen [mailto:[hidden email]]
Sent: Wednesday, December 11, 2013 11:27 AM
To: Discussions about RabbitMQ
Cc: Dausque Gabriel (GDF SUEZ Trading SAS)
Subject: Re: [rabbitmq-discuss] using rabbitmq with active directory without sending password.

I think you are asking for SSO integration with a logged in Windows user? I'm afraid RabbitMQ doesn't support that.

Cheers, Simon

On 10/12/13 19:12, [hidden email] wrote:

> Hello,
>
> Because of new recommendation asked by our Security officer, we must
> add secure authentication to access rabbitmq.
>
> To do that, we are experiencing the usage of ldap plugin with a .Net
> client in front of it, but I I'm quite surprise to be forced to send
> the windows user password to the rabbitmq server in order for it to
> check the identity of the user  as it seems to be a very bad security
> practice to ask for the already authenticated user its password and
> reuse it, and also my security officer will not validate that kind of solution.
>
> Is there a way to only check that the user is already authenticated
> without explicit login/password using ldap authentication ?
>
> Best regards
>
> Gabriel DAUSQUE
>
> Expert SI Meteor FPR
>
> Tel : 01 56 65 66 68
>
> Mail : [hidden email]
>
> ___________________________________________________________________
>
> This message (including any attachments) and its content are
> confidential, meant solely for the addressees.
> The views expressed in this message are those of its author and do not
> necessarily represent the opinion of GDF SUEZ Trading.
> If you are not the intended recipient please notify the sender
> immediately and destroy this e-mail.
> Any unauthorised copying, use, disclosure or distribution of the
> content of this e-mail is strictly forbidden.
> GDF SUEZ Trading shall not be liable for the message if altered,
> changed or falsified or computer virus contained.
> ___________________________________________________________________
>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> [hidden email]
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>


--
Simon MacMullen
RabbitMQ, Pivotal
___________________________________________________________________

This message (including any attachments) and its content are confidential, meant solely for the addressees.
The views expressed in this message are those of its author and do not necessarily represent the opinion of GDF SUEZ Trading.
If you are not the intended recipient please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, use, disclosure or distribution of the content of this e-mail is strictly forbidden.
GDF SUEZ Trading shall not be liable for the message if altered, changed or falsified or computer virus contained.
___________________________________________________________________

_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using rabbitmq with active directory without sending password.

anderkh
This post has NOT been accepted by the mailing list yet.
In reply to this post by Simon MacMullen-2
Has this answer changed?  There must be a way to do this by now...

Thanks
Loading...