[zeromq-dev] Authenticate a given client connection
Pieter Hintjens
ph at imatix.com
Thu Mar 14 09:08:46 CET 2013
Hi Alexandre,
You could authenticate using the client identity but it's all in plain
text. Disconnects/reconnects will then be invisible. As long as the
client keeps whatever state is needed to continue the conversation,
you don't need to reauthenticate.
A better answer would be to use properly secure authentication. It's
an area we're working on, see http://hintjens.com/blog:34
-Pieter
On Wed, Mar 13, 2013 at 3:29 PM, Alexandre Fromage <alex at taxistop.com> wrote:
> Dear all,
>
> A more appropriate subject would have been “Associate an identity to a given
> client”, but “Identity” has a specific (close) meaning for ZeroMQ.
>
> I have a ROUTER and I would like, at application level to associate each
> client (DEALER) generated id to an application context. For example,
> associate, for the time of the connection,
>
> the ZeroMQ auto-generated connection id to a given user account.
>
> It is in itselft easy to do, but:
>
> each time there is a disconnection/reconnection (may happen a lot) I need to
> immediately re-authenticate the client when it reconnects. However, it needs
> to happen
>
> before the client resends all its outstanding requests to the server (which
> are queued within the DEALER).
>
> Right now, I can only think of two things, either:
>
> -discard all messages which come when the client is not yet re-authenticated
> (a bit extreme and consumes bandwidth for nothing).
>
> -modify the Zmq protocol to enforce authentication when connection is
> (re)established.
>
> I believe I cannot use ZeroMQ identities as my clients have constantly
> changing addresses.
>
>
>
> Do you think any of those possibilities make sense?
>
> Any suggestion?
>
>
>
> Thank you,
>
>
>
> Kind regards,
>
>
>
> Alex
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
More information about the zeromq-dev
mailing list