Bug 505593 - Feature: single-user mode or ability to prevent clients other than mgmt tool to connect to broker
Feature: single-user mode or ability to prevent clients other than mgmt tool ...
Status: NEW
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
1.0
All Linux
low Severity medium
: ---
: ---
Assigned To: Andrew Stitcher
MRG Quality Engineering
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-12 10:37 EDT by Gordon Sim
Modified: 2014-06-17 13:51 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gordon Sim 2009-06-12 10:37:13 EDT
It would be very useful to be able to start the broker in a mode whereby only a configuration process was able to connect to it and it remained inaccessible to other clients until configuration (e.g. queue creation and binding, cluster nodes joining etc) was complete.
Comment 1 Andrew Stitcher 2009-06-12 12:33:12 EDT
I think there are 2 necessary things here:

1. Limit the protocol or interface that connections are accepted on:

So in this mode we'd on accept connections say from localhost or a unix domain socket (when we implement that)

2. Use ACLs to limit access to only a user authenticated apropriately.

These things would also need to happen dynamically, so that restarting the broker wouldn't be necessary.

I think that 2 is probably possible, but not dynamically.

1 would need to implemented and to be made dynamic.
Comment 2 Gordon Sim 2013-07-08 04:07:36 EDT
(In reply to Andrew Stitcher from comment #1)
> I think there are 2 necessary things here:
> 
> 1. Limit the protocol or interface that connections are accepted on:
> 
> So in this mode we'd on accept connections say from localhost or a unix
> domain socket (when we implement that)
> 
> 2. Use ACLs to limit access to only a user authenticated apropriately.
> 
> These things would also need to happen dynamically, so that restarting the
> broker wouldn't be necessary.
> 
> I think that 2 is probably possible, but not dynamically.
> 
> 1 would need to implemented and to be made dynamic.

I don't think 1 is essential here, though it may be nice to have. 

The HA module does something quite similar here. Backups reject all but management clients (though they do so by a special connection option rather than authenticated user - however that option is I think protected by ACL).

I.e. have mode in which the broker rejects all connections except those identified as management clients (this could indeed be via a special 'access broker in management-mode' permission; have a command line flag to cause the broker to 'boot' into that mode; have a management command to move from that mode into normal mode.

Note You need to log in before you can comment on or make changes to this bug.