[zeromq-dev] Getting connection info from pipe_t?

Pieter Hintjens ph at imatix.com
Sat Nov 17 23:09:36 CET 2012


On Sun, Nov 18, 2012 at 3:44 AM, Merijn Verstraaten
<merijn at inconsistent.nl> wrote:

> Identities aren't what I want, as I actually want to build some type of
> verification of identities.

There is ZMQ_TCP_ACCEPT_FILTER but probably not quite right.

Verification based on endpoint address is pretty poor; what you want
is authentication based on some application-level identity (user,
etc.)

For one-way patterns (pub/sub, push/pull), this is simply not possible
as there's no route to send any data from receiver to sender.

For two-way patterns (dealer/router), this is similar to
authentication in any protocol. The client connects to server and
sends its identity; the server accepts or rejects.  You need some kind
of command framing and some state machine in both sides that handles
failures and reconnections.

I'm starting to use SASL (simple authentication and security layer) as
the basis for this. If that's too complex there are simpler
approaches.

See http://zguide.zeromq.org/page:all#Authentication-using-SASL for an example.

-Pieter



More information about the zeromq-dev mailing list