Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-2305

Remote IP authentication

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.29
    • C++ Broker
    • None

    Description

      We require a feature that allows to restrict on user level the IP addresses from which a user is allowed to connect.
      Multiple addresses in CIDR notation are possible per user.

      We propose the following solution via rules in the ACL file (see also attached modified source code):

      acl <permission>

      {<group-name>|<user-name>|"all"}

      create connection network=<network>

      where <network> is a comma separated list of addresses nnn.nnn.nnn.nnn[/nn]

      E.g.
      acl allow bob@QPID create connection network=192.168.1.0/24

      The request has also been reported as service request no 1981258 at Red Hat's support system.

      Attachments

        1. acldata.cpp
          11 kB
          Armin Noll
        2. acldata.h
          3 kB
          Armin Noll
        3. aclmodule.h
          10 kB
          Armin Noll
        4. connectionhandler.cpp
          10 kB
          Armin Noll

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. QPID-4947 C++ Broker could use ACL to restrict hosts from which a user may connect

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              xeop-nollarm Armin Noll
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: