Re: [mosquitto-dev] Accepting connection based on client's certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Accepting connection based on client's certificate

From: Greg Troxel <gdt@xxxxxxxxxx>
Date: Tue, 29 Oct 2019 10:48:29 -0400
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
Openpgp: id=098ED60E
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (berkeley-unix)

Looking at how to have external authentication or authorization
processes, forking shell scripts seems really suboptimal.  You might
look at how dovecot makes its sasl database available to others via a
unix-domain socket.  That allows a coprocess that isn't
starting/stopping and having to read the db all the time.  This is also
sort of like the milter interface for spam/virus filtering.

More generally, it seems like a plugin architecture might eventually be needed.

(I am assuming that since you care about security so much you aren't
using Windows, and hence that unix-domain sockets are available.)

Follow-Ups:
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Jan Lukavský

References:
- [mosquitto-dev] Accepting connection based on client's certificate
  - From: Jan Lukavský
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Greg Troxel
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Jan Lukavský
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Greg Troxel
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Jan Lukavský
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Greg Troxel
- Re: [mosquitto-dev] Accepting connection based on client's certificate
  - From: Jan Lukavský

Prev by Date: Re: [mosquitto-dev] Accepting connection based on client's certificate
Next by Date: Re: [mosquitto-dev] Accepting connection based on client's certificate
Previous by thread: Re: [mosquitto-dev] Accepting connection based on client's certificate
Next by thread: Re: [mosquitto-dev] Accepting connection based on client's certificate
Index(es):
- Date
- Thread

Breadcrumbs