Hello, Because of new recommendation asked by our Security officer, we must add secure authentication to access rabbitmq. To do that, we are experiencing the usage of ldap plugin with a .Net client in front of it, but I I’m quite surprise to be forced to send the windows user password to the rabbitmq server in order for it to check the identity of the user as it seems to be a very bad security practice to ask for the already authenticated user its password and reuse it, and also my security officer will not validate that kind of solution. Is there a way to only check that the user is already authenticated without explicit login/password using ldap authentication ? Best regards Gabriel DAUSQUE Expert SI Meteor FPR Tel : 01 56 65 66 68 Mail : [hidden email] ___________________________________________________________________ This message (including any attachments) and its content are confidential, meant solely for the addressees. _______________________________________________ rabbitmq-discuss mailing list [hidden email] https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss |
I think you are asking for SSO integration with a logged in Windows
user? I'm afraid RabbitMQ doesn't support that. Cheers, Simon On 10/12/13 19:12, [hidden email] wrote: > Hello, > > Because of new recommendation asked by our Security officer, we must add > secure authentication to access rabbitmq. > > To do that, we are experiencing the usage of ldap plugin with a .Net > client in front of it, but I I’m quite surprise to be forced to send the > windows user password to the rabbitmq server in order for it to check > the identity of the user as it seems to be a very bad security practice > to ask for the already authenticated user its password and reuse it, and > also my security officer will not validate that kind of solution. > > Is there a way to only check that the user is already authenticated > without explicit login/password using ldap authentication ? > > Best regards > > Gabriel DAUSQUE > > Expert SI Meteor FPR > > Tel : 01 56 65 66 68 > > Mail : [hidden email] > > ___________________________________________________________________ > > This message (including any attachments) and its content are > confidential, meant solely for the addressees. > The views expressed in this message are those of its author and do not > necessarily represent the opinion of GDF SUEZ Trading. > If you are not the intended recipient please notify the sender > immediately and destroy this e-mail. > Any unauthorised copying, use, disclosure or distribution of the content > of this e-mail is strictly forbidden. > GDF SUEZ Trading shall not be liable for the message if altered, changed > or falsified or computer virus contained. > ___________________________________________________________________ > > > > _______________________________________________ > rabbitmq-discuss mailing list > [hidden email] > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss > -- Simon MacMullen RabbitMQ, Pivotal _______________________________________________ rabbitmq-discuss mailing list [hidden email] https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss |
Yep that's right.
It's for SSO integration. Ok if it is not supported, we might find another solution ! thanks Cordialement Gabriel DAUSQUE Expert SI Meteor FPR Tel : 01 56 65 66 68 Mail : [hidden email] -----Original Message----- From: Simon MacMullen [mailto:[hidden email]] Sent: Wednesday, December 11, 2013 11:27 AM To: Discussions about RabbitMQ Cc: Dausque Gabriel (GDF SUEZ Trading SAS) Subject: Re: [rabbitmq-discuss] using rabbitmq with active directory without sending password. I think you are asking for SSO integration with a logged in Windows user? I'm afraid RabbitMQ doesn't support that. Cheers, Simon On 10/12/13 19:12, [hidden email] wrote: > Hello, > > Because of new recommendation asked by our Security officer, we must > add secure authentication to access rabbitmq. > > To do that, we are experiencing the usage of ldap plugin with a .Net > client in front of it, but I I'm quite surprise to be forced to send > the windows user password to the rabbitmq server in order for it to > check the identity of the user as it seems to be a very bad security > practice to ask for the already authenticated user its password and > reuse it, and also my security officer will not validate that kind of solution. > > Is there a way to only check that the user is already authenticated > without explicit login/password using ldap authentication ? > > Best regards > > Gabriel DAUSQUE > > Expert SI Meteor FPR > > Tel : 01 56 65 66 68 > > Mail : [hidden email] > > ___________________________________________________________________ > > This message (including any attachments) and its content are > confidential, meant solely for the addressees. > The views expressed in this message are those of its author and do not > necessarily represent the opinion of GDF SUEZ Trading. > If you are not the intended recipient please notify the sender > immediately and destroy this e-mail. > Any unauthorised copying, use, disclosure or distribution of the > content of this e-mail is strictly forbidden. > GDF SUEZ Trading shall not be liable for the message if altered, > changed or falsified or computer virus contained. > ___________________________________________________________________ > > > > _______________________________________________ > rabbitmq-discuss mailing list > [hidden email] > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss > -- Simon MacMullen RabbitMQ, Pivotal ___________________________________________________________________ This message (including any attachments) and its content are confidential, meant solely for the addressees. The views expressed in this message are those of its author and do not necessarily represent the opinion of GDF SUEZ Trading. If you are not the intended recipient please notify the sender immediately and destroy this e-mail. Any unauthorised copying, use, disclosure or distribution of the content of this e-mail is strictly forbidden. GDF SUEZ Trading shall not be liable for the message if altered, changed or falsified or computer virus contained. ___________________________________________________________________ _______________________________________________ rabbitmq-discuss mailing list [hidden email] https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss |
This post has NOT been accepted by the mailing list yet.
In reply to this post by Simon MacMullen-2
Has this answer changed? There must be a way to do this by now...
Thanks |
Free forum by Nabble | Edit this page |