[zeromq-dev] Authentication with curve

Drew Crawford drew at sealedabstract.com
Tue Dec 31 19:08:14 CET 2013


I think I can supply a patch that is at least good enough to get cleaned up and merged by a zmq dev.  The open question at this point is which way the correlation should get resolved.  One possibility is to populate the ZAP identity with the router identity instead of the empty string.  Another possibility is to populate the userid from ZAP somewhere in the router.  There are other possibilities that have not occurred to me.  

I know enough to make a run at any of these, but not enough to identify the best solution from the set of options.  I’m hoping a dev can pop out of the woodwork and identify which solution is the one that should be tried.

Drew
On Dec 31, 2013, at 11:51 AM, Nicolas Delaby <ticosax at free.fr> wrote:

> On 12/31/2013 06:30 PM, Drew Crawford wrote:
>> Hi Nicolas,
>> 
>> I’m reasonably sure we have the same problem, and I’ve gotten somewhat further along without solving it.  We may want to compare notes.  Take a look at my thread "How do I find out which ZAP user I'm talking to?”.
> 
> Hi Drew,
> Yes indeed, we are facing same issue.
> So far I'm using an ugly hack assuming that the immediate next recv() 
> contains the identity of the peer I just authorized within my 
> zap_handler. This code is not used yet on production, so I believe it 
> works only by chance. I wanted to have confirmation from zeromq dev.
> 
> My attitude on open-source project is to come with a pull request when 
> my needs are not fulfilled. But unfortunately C++ is way far beyond my 
> skills. So I hope to find here new ideas I didn't thought about it.
> 
> Your testimony doesn't make me feel more confident :)
> 
> As an ultimate workaround I will probably fallback on zmq.PLAIN + stunnel.
> 
> Cheers,
> Nicolas
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev




More information about the zeromq-dev mailing list