After reading through: It seems that, by design, there isn't any way to securely authenticate someone using purely a username and a password (akin to SRP for example). Seeing as the security layer in ZMQ is extensible, is this something that is possible to add in ?
On Fri, Sep 20, 2013 at 10:04 AM, Pieter Hintjens <[email protected]> wrote: > On Fri, Sep 20, 2013 at 9:43 AM, Laurent Alebarde <[email protected]> > wrote: > > > One question please : In the Iron House, does the authenticator use some > > metadata to open directly the right client's certificate, or does it try > > everyone until it finds a match ? > > It looks for a match on the client public key. The metadata will (not > yet implemented) be available to the application so it knows where a > message came from. > > > Otherwise, if we have thousands certificates and a lot of clients > connecting > > together, we may have a race. I don't know what is the criticity here. > > There's no chance of a race. Every client public key is unique and you > can store any number of certificates in a suitable database (CZMQ uses > an in-memory hash table but this is just one possibility). > > -Pieter > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
