Return-Path: X-Original-To: apmail-qpid-users-archive@www.apache.org Delivered-To: apmail-qpid-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6E4E69A40 for ; Mon, 3 Oct 2011 17:42:29 +0000 (UTC) Received: (qmail 96280 invoked by uid 500); 3 Oct 2011 17:42:29 -0000 Delivered-To: apmail-qpid-users-archive@qpid.apache.org Received: (qmail 96260 invoked by uid 500); 3 Oct 2011 17:42:29 -0000 Mailing-List: contact users-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@qpid.apache.org Delivered-To: mailing list users@qpid.apache.org Received: (qmail 96252 invoked by uid 99); 3 Oct 2011 17:42:29 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Oct 2011 17:42:28 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of fraser.adams@blueyonder.co.uk designates 81.103.221.48 as permitted sender) Received: from [81.103.221.48] (HELO mtaout02-winn.ispmail.ntl.com) (81.103.221.48) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Oct 2011 17:42:20 +0000 Received: from know-smtpout-4.server.virginmedia.net ([62.254.123.3]) by mtaout02-winn.ispmail.ntl.com (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id <20111003174158.ZMBW17426.mtaout02-winn.ispmail.ntl.com@know-smtpout-4.server.virginmedia.net> for ; Mon, 3 Oct 2011 18:41:58 +0100 Received: from [82.33.36.91] (helo=[192.168.1.4]) by know-smtpout-4.server.virginmedia.net with esmtpa (Exim 4.63) (envelope-from ) id 1RAmWc-000399-6f for users@qpid.apache.org; Mon, 03 Oct 2011 18:41:58 +0100 Message-ID: <4E89F3E9.9040601@blueyonder.co.uk> Date: Mon, 03 Oct 2011 18:42:01 +0100 From: Fraser Adams User-Agent: Thunderbird 2.0.0.24 (X11/20101027) MIME-Version: 1.0 To: users@qpid.apache.org Subject: Is it possible to set authentication to only authenticate consumers? References: <4E72452A.50709@blueyonder.co.uk> <4E7308E3.7080804@blueyonder.co.uk> <4E734780.30509@blueyonder.co.uk> <4E737ECC.2020509@redhat.com> <4E85EB31.5070602@blueyonder.co.uk> In-Reply-To: <4E85EB31.5070602@blueyonder.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Cloudmark-Analysis: v=1.1 cv=JvdXmxIgLJv2/GthKqHpGJEEHukvLcvELVXUanXFreg= c=1 sm=0 a=0ZzmyYADvgoA:10 a=8R-DJsnxLG8A:10 a=3NElcqgl2aoA:10 a=8nJEP1OIZ-IA:10 a=_8rezMZTw0GJwkYRKPMA:9 a=GQdyZr7MiLF_Vt8swOUA:7 a=wPNLvfGTeEIA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Hi, I haven't done any work playing with authentication, so I'm curious - Is it possible to set authentication to only authenticate consumers so producers can connect in without needing authentication? Also is there a good tutorial for getting started with authentication - preferable something that starts with the basics to help a total authentication noob get something up and running quickly. My personal view was that I wanted to run our system in a "trust and verify" model where we'd audit connections, but some folks in my organisation are getting a bit twitchy about that, so I want to keep my options open. It's unfortunate as my system is sitting behind a firewall on a trusted network and I wanted to have a model that maximises business agility by allowing consumers to quickly subscribe to the data they need when they need it and do cool stuff with it. One of my biggest concerns about going down an authentication path is the administrative overhead of setting up and managing usernames/passwords. How do I do it so that it's not burdonsome to allow a new connection - especially if someone needs one in a hurry "out of hours". I guess the simple answer might be to have a single qpid-subscriber "account", but surely one account/password is little better than no authentication at all as anyone who knows this could easily set up another consumer client and subscribe to different data. MTIA Frase --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:users-subscribe@qpid.apache.org