[zeromq-dev] CURVE authentication hook for zauth agent

Pieter Hintjens ph at imatix.com
Wed Jun 17 21:28:46 CEST 2015


You can in fact write your own authentication handler, in C, and link
it with libzmq. We use a protocol called ZAP; you can make a simple
bridge that talks to an external handler in a different language. So,
not using zauth at all, and instead writing something equivalent that
does more what you need.

On Wed, Jun 17, 2015 at 9:02 PM, Chuck Price <chuck at peloton-tech.com> wrote:
> My application needs to support authentication of 100’s of thousands of clients. I’m uncomfortable with having to manage this many client certs in a directory, as well as the cost in file operations to load these certs into my app.
>
> A solution that would work for me is to be able to register an authentication hook function with zauth, which would call back to my code for authentication. I imagine a new message to the zauth agent, something like
> “AUTH_HOOK”, passing a pointer to my function which would take the client key as a parameter, and return a bool (true if allowed, false if denied).
>
> A typical implementation might be for my function to look up the key in, say, Redis, or some other database.
>
> Thoughts? One consideration that immediately leaps out as a problem is cross-language support for such an API.
>
> Thanks,
>
> -chuck
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev



More information about the zeromq-dev mailing list