Hi Bruno,

I do not think there is such an option on the C++ broker right now. When we needed to achieve something similar with our brokers, we used the following workaround ...

1) We configured the broker to use one port for PLAIN connections and another one for SSL
2) We restricted the SSL port to use only SSL Client Authentication
3) We used the PLAIN authentication for the administration users and the SSL Client Authentication for the normal clients
4) We used iptables to restrict the PLAIN port to be available only from the administration network and the SSL port to be available from the client network
5) We created the admin users in the SASL database
6) We created the normal clients in the NSS database

As a result, the normal clients see only the SSL port where they cannot connect using username/password but only with certificates. It is not perfect, but it helped us to get the approval from our security department.

Regards
Jakub

PS: There is a JIRA for this problem entered a long time ago by one of my colleagues ... QPID-2305

PS2: The Java broker already has such a feature, but from your previous emails I understood that you are using the C++ broker ...

On Wed, Apr 3, 2013 at 4:23 PM, Bruno Matos <[email protected]> wrote:
> Hello,
>
> Is it possible to restrict the source IP address or network for a given
> user/group? I want to restrict the admin group connections to my local
> network.
>
> Thank you.
>
> --
> Bruno Matos
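
Step 4 of the workaround above, as an added example that is not part of Jakub's message: a shell function that validates its inputs and renders the iptables rules for the two-port split. The port numbers (5672 for PLAIN, 5671 for SSL) and both networks are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example. Assumed values, none of them from the post:
#   5672 = PLAIN (admin) port, 5671 = SSL client-certificate port,
#   192.0.2.0/24 = administration network, 198.51.100.0/24 = client network.

# Accept only a dotted-quad IPv4 CIDR, so a typo cannot produce a rule
# with a missing or malformed -s match. The ( ) body runs in a subshell.
valid_cidr() (
  set -f
  addr=${1%/*}; len=${1##*/}
  [ "$addr/$len" = "$1" ] || exit 1
  case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  case $addr in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $addr
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
)

# Print (not apply) the rules. Order matters: each port's ACCEPT for the
# permitted source network must precede the DROP for everyone else.
render_rules() (
  admin_net=$1; client_net=$2; plain_port=$3; ssl_port=$4
  for n in "$admin_net" "$client_net"; do
    valid_cidr "$n" || { echo "bad network: $n" >&2; exit 1; }
  done
  for p in "$plain_port" "$ssl_port"; do
    case $p in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; exit 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; exit 1; }
  done
  [ "$plain_port" -ne "$ssl_port" ] || { echo "ports must differ" >&2; exit 1; }
  cat <<EOF
iptables -A INPUT -p tcp --dport $plain_port -s $admin_net -j ACCEPT
iptables -A INPUT -p tcp --dport $plain_port -j DROP
iptables -A INPUT -p tcp --dport $ssl_port -s $client_net -j ACCEPT
iptables -A INPUT -p tcp --dport $ssl_port -j DROP
EOF
)

# Review the output before piping it to a root shell.
render_rules 192.0.2.0/24 198.51.100.0/24 5672 5671
```

Because the rules are appended with `-A`, they only have the intended effect if no earlier INPUT rule already accepts traffic to these ports.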
