Indeed, this is not one of the mechanisms we made, but since it's extensible, I'd expect people to add more mechanisms over time.
I'll write a small guide to doing this at some stage. The starting point would be to take the RFC for PLAIN, expand on that, and then take the plain_mechanism.cpp class in libzmq and expand on that. -Pieter On Fri, Sep 20, 2013 at 12:51 PM, Diego Duclos <[email protected]> wrote: > After reading through: It seems that, by design, there isn't any way to > securely authenticate someone using purely a username and a password (akin > to SRP for example). > Seeing as the security layer in ZMQ is extensible, is this something that is > possible to add in ? > > > On Fri, Sep 20, 2013 at 10:04 AM, Pieter Hintjens <[email protected]> wrote: >> >> On Fri, Sep 20, 2013 at 9:43 AM, Laurent Alebarde <[email protected]> >> wrote: >> >> > One question please : In the Iron House, does the authenticator use some >> > metadata to open directly the right client's certificate, or does it try >> > everyone until it finds a match ? >> >> It looks for a match on the client public key. The metadata will (not >> yet implemented) be available to the application so it knows where a >> message came from. >> >> > Otherwise, if we have thousands certificates and a lot of clients >> > connecting >> > together, we may have a race. I don't know what is the criticity here. >> >> There's no chance of a race. Every client public key is unique and you >> can store any number of certificates in a suitable database (CZMQ uses >> an in-memory hash table but this is just one possibility). >> >> -Pieter >> >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
