Bug 505593
Summary: | Feature: single-user mode or ability to prevent clients other than mgmt tool to connect to broker | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Gordon Sim <gsim> |
Component: | qpid-cpp | Assignee: | Andrew Stitcher <astitcher> |
Status: | CLOSED WONTFIX | QA Contact: | MRG Quality Engineering <mrgqe-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 1.0 | CC: | astitcher, fhirtz, jross |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-22 14:34:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gordon Sim
2009-06-12 14:37:13 UTC
I think there are 2 necessary things here: 1. Limit the protocol or interface that connections are accepted on: So in this mode we'd on accept connections say from localhost or a unix domain socket (when we implement that) 2. Use ACLs to limit access to only a user authenticated apropriately. These things would also need to happen dynamically, so that restarting the broker wouldn't be necessary. I think that 2 is probably possible, but not dynamically. 1 would need to implemented and to be made dynamic. (In reply to Andrew Stitcher from comment #1) > I think there are 2 necessary things here: > > 1. Limit the protocol or interface that connections are accepted on: > > So in this mode we'd on accept connections say from localhost or a unix > domain socket (when we implement that) > > 2. Use ACLs to limit access to only a user authenticated apropriately. > > These things would also need to happen dynamically, so that restarting the > broker wouldn't be necessary. > > I think that 2 is probably possible, but not dynamically. > > 1 would need to implemented and to be made dynamic. I don't think 1 is essential here, though it may be nice to have. The HA module does something quite similar here. Backups reject all but management clients (though they do so by a special connection option rather than authenticated user - however that option is I think protected by ACL). I.e. have mode in which the broker rejects all connections except those identified as management clients (this could indeed be via a special 'access broker in management-mode' permission; have a command line flag to cause the broker to 'boot' into that mode; have a management command to move from that mode into normal mode. |