[zeromq-dev] Pub/Sub questions

Thomas S Hatch thatch45 at gmail.com
Tue Jul 19 06:34:51 CEST 2011

On Mon, Jul 18, 2011 at 12:37 PM, Marc Ilgen <marc at westofpluto.com> wrote:

> Hello
> Suppose I set up a client/server system with SUB and PUB sockets. I want
> the
> client to have to authenticate its ability to subscribe and I want the
> server to have the ability to unsubscribe a specific named client in the
> case that the client's subscription credentials expire or become invalid
> for
> any reason.
> How can I do this? The only way I can think of to subscribe is to have the
> client connect to the server in a REQ/REP fashion and send authenticate
> information that way. But I can't see how a PUB socket can drop a
> subscriber. Any ideas?
> ----------------------------------------------------------------------------
> ------
> Marc Ilgen
> marc at westofpluto.com
Hi Marc, if you are interested in how to do this check out the Salt code:

It uses RSA keys for authentication and then AES for inline encryption, all
via a ZeroMQ PUB/SUB system.

I don't know what you are planning on building but you could skip the hard
part of setting up the encryption system and just use or extend Salt.

Also the master terminating the minion connection, Salt can do that but it
is a little tricky. You would need to delete the authorized minion public
key from the master and then restart the master daemon. When the master
daemon is restarted the minions automatically reconnect to the publisher,
but the AES key on the master is regenerated, this prompts
a re-authentication from the minions and the now unauthenticated minion will
fail to authenticate and not be given the new AES key used inline
encryption. This will disallow the minion from reconnecting and it will

Hope that helps you!

-Thomas S Hatch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20110718/f5228696/attachment.htm>

More information about the zeromq-dev mailing list