[zeromq-dev] Is ZMQ_PLAIN authentication supposed to do anything?
Min RK
benjaminrk at gmail.com
Mon Sep 2 19:34:34 CEST 2013
On Sep 2, 2013, at 9:25, Pieter Hintjens <ph at imatix.com> wrote:
> MinRK,
>
> I've just pushed a patch that fixes authentication for PLAIN and
> CURVE, and updated the test cases to match.
>
> It all works as expected... :-)
>
> One thing about CURVE authentication; client keys are passed to the
> ZAP handler as 32 binary bytes. I'm wondering whether it would be
> nicer to pass Z85 text strings instead, as everything else in ZAP is
> text. I expect keysstored in databases and files to be in Z85, not
> binary... any thoughts?
I would leave it as bytes, personally. To me, z85 is convenience format for humans / text-only storage. If the keystore stores keys that are not raw, I would expect the zap_handler to be responsible for the conversions.
>
> -Pieter
>
>
> On Sun, Sep 1, 2013 at 7:14 PM, Pieter Hintjens <ph at imatix.com> wrote:
>> That seems the simplest and cleanest result. We'll get authentication
>> failed events via the ZAP handler, and we might see connection failed
>> event at the client side too (via context monitor) but these should be
>> invisible to message processing.
>>
>> -Pieter
>>
>> On Fri, Aug 30, 2013 at 11:50 PM, MinRK <benjaminrk at gmail.com> wrote:
>>>
>>>
>>>
>>> On Fri, Aug 30, 2013 at 1:37 PM, Pieter Hintjens <ph at imatix.com> wrote:
>>>>
>>>> On Thu, Aug 29, 2013 at 1:32 AM, MinRK <benjaminrk at gmail.com> wrote:
>>>>
>>>>> Thanks. By closed, you mean the connecting peer (client) should be
>>>>> closed,
>>>>> or the inner pipe on the server side? What should be the user-visible
>>>>> symptoms of failed authentication, both on the client side and the
>>>>> server
>>>>> side, if any? I'm looking to add a failed-auth test to test_security,
>>>>> but it
>>>>> is unclear to me what the expected behavior is. Is the symptom only
>>>>> that
>>>>> messages sent do not arrive, or should sending a message not succeed in
>>>>> the
>>>>> first place?
>>>>
>>>> I think the net result of a failed authentication should be the same
>>>> as if there was no network connection; no pipes created on either side
>>>> of the connection, and no route to or from the unauthenticated client.
>>>
>>>
>>> Thanks - so as far as the connecter is concerned, it is as if the peer is
>>> unavailable,
>>> and for the binder, it is as if nobody connected.
>>>
>>>>
>>>>
>>>> -Pieter
>>>> _______________________________________________
>>>> zeromq-dev mailing list
>>>> zeromq-dev at lists.zeromq.org
>>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
More information about the zeromq-dev
mailing list