Bug 505593 - Feature: single-user mode or ability to prevent clients other than mgmt tool to connect to broker
Summary: Feature: single-user mode or ability to prevent clients other than mgmt tool ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 1.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
: ---
Assignee: Andrew Stitcher
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-12 14:37 UTC by Gordon Sim
Modified: 2020-05-22 14:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-22 14:34:57 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Gordon Sim 2009-06-12 14:37:13 UTC
It would be very useful to be able to start the broker in a mode whereby only a configuration process was able to connect to it and it remained inaccessible to other clients until configuration (e.g. queue creation and binding, cluster nodes joining etc) was complete.

Comment 1 Andrew Stitcher 2009-06-12 16:33:12 UTC
I think there are 2 necessary things here:

1. Limit the protocol or interface that connections are accepted on:

So in this mode we'd on accept connections say from localhost or a unix domain socket (when we implement that)

2. Use ACLs to limit access to only a user authenticated apropriately.

These things would also need to happen dynamically, so that restarting the broker wouldn't be necessary.

I think that 2 is probably possible, but not dynamically.

1 would need to implemented and to be made dynamic.

Comment 2 Gordon Sim 2013-07-08 08:07:36 UTC
(In reply to Andrew Stitcher from comment #1)
> I think there are 2 necessary things here:
> 
> 1. Limit the protocol or interface that connections are accepted on:
> 
> So in this mode we'd on accept connections say from localhost or a unix
> domain socket (when we implement that)
> 
> 2. Use ACLs to limit access to only a user authenticated apropriately.
> 
> These things would also need to happen dynamically, so that restarting the
> broker wouldn't be necessary.
> 
> I think that 2 is probably possible, but not dynamically.
> 
> 1 would need to implemented and to be made dynamic.

I don't think 1 is essential here, though it may be nice to have. 

The HA module does something quite similar here. Backups reject all but management clients (though they do so by a special connection option rather than authenticated user - however that option is I think protected by ACL).

I.e. have mode in which the broker rejects all connections except those identified as management clients (this could indeed be via a special 'access broker in management-mode' permission; have a command line flag to cause the broker to 'boot' into that mode; have a management command to move from that mode into normal mode.


Note You need to log in before you can comment on or make changes to this bug.