From Laurens Van Houtven
Subject Authentication with Thrift + txAMQP + txThrift
Date Wed, 08 Jul 2009 00:56:27 GMT

Hey :-)

It seems like talking about txAMQP+txThrift is all the rage on this
mailing list nowadays (and I'm not surprised, it's awesome!), so
here's some more :-)

If you don't care about GPS tracking and/or don't know what
'Breadcrumb' is, you might want to skip this paragraph:
For people who are waiting on things to happen for Breadcrumb, come
visit #breadcrumb on Yes, it's being delayed a lot,
but that's because the vast majority of work isn't happening in
Breadcrumb itself, but in the Twisted GPS interfaces. Development *is*
happening, it's just not happening in the Breadcrumb repositories.
Because the existing twisted.protocols.gps provides a terrible API,
the new code is being put into Twisted (and the old API is being
deprecated). So development hasn't stopped, but it's just Twisted
development for now instead of Breadcrumb development ;-)

I'm porting non-asynchronous non-Thrift code to txThrift/txAMQP, and
I'm wondering about authentication mechanisms. Previously, I did
authentication with pre-shared SSL certificates. This was possible
because I connected directly to the servers instead of the message
broker in the middle.

I can open SSL connections to the RabbitMQ server, and the RabbitMQ
server can open SSL connections to my backends (I think) through
stunnel. This means that my backends (AMQP consumers) never see
SSL/TLSed data that comes from my AMQP producers -- so I can't get
their client certs.

I think this means I need some form of authentication in the Thrift
message itself. Assuming that someone is already doing this, how does
yours work?

There are a number of possibilities. I think that having RabbitMQ mess
with the message contents would probably be a bad idea (not to mention
impossible). Since stunnel is doing the actual heavy lifting, it
probably isn't realistic to put information about the client's SSL
certificate in the message.

One suggestion by JP Calderone in the #twisted channel on freenode is
to use onioning, e.g. encrypt the *Thrift* message with GPG or SSL or
whatever and then not care about the AMQP part being unencrypted. I'm
not sure how this would work with txThrift, but Twisted's SSL
implementation apparently has recently (in the last few days) acquired
memory BIO support, so this is _technically_ feasible.

Another suggestion (I'm still not sure how serious it was) was to use
Divmod Vertex to do the actual transport up to the AMQP server (or
even use Vertex to bypass AMQP entirely), but that doesn't sound like
an awesome idea because, unlike AMQP, Divmod Vertex doesn't work with
any languages besides Python yet (in fact, it doesn't *reeaaallly*
work with Python either). Having Thrift support umpteen languages and
having AMQP (language agnostic) is kind of pointless when one step in
the chain ties you to Python...

thanks in advance for your thoughts and insights :-)
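
An added illustration, not part of the original message and not txThrift or txAMQP code: one way to carry authentication inside the message body, so the consumer can verify the producer even though the broker and stunnel terminate TLS. It authenticates but does not encrypt, and it uses HMAC-SHA256 with per-producer pre-shared keys in place of the GPG or certificate signatures mentioned above. The envelope layout, the names `seal` and `open_envelope`, the key table and the sample payload are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed pre-shared keys, one per producer (assumed provisioned out of band).
PRODUCER_KEYS = {b"tracker-01": bytes(range(32))}
MAX_SKEW = 300  # seconds a message may be old before it is rejected
NONCE_LEN, TAG_LEN = 16, 32


def seal(sender_id, key, payload, now=None):
    """Producer side: wrap serialized Thrift bytes in an authenticated envelope."""
    now = int(time.time()) if now is None else now
    header = bytes([len(sender_id)]) + sender_id + struct.pack("!Q", now)
    body = header + os.urandom(NONCE_LEN) + payload
    # The tag covers sender id, timestamp, nonce and payload alike.
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_envelope(blob, keys, seen, now=None):
    """Consumer side: return (sender_id, payload) or raise ValueError."""
    now = int(time.time()) if now is None else now
    id_len = blob[0] if blob else 0
    fixed = 1 + id_len + 8 + NONCE_LEN
    if len(blob) < fixed + TAG_LEN:
        raise ValueError("truncated envelope")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    sender_id = body[1:1 + id_len]
    key = keys.get(sender_id)
    if key is None:
        raise ValueError("unknown sender")
    # Verify before trusting any field; compare in constant time.
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    (stamp,) = struct.unpack("!Q", body[1 + id_len:1 + id_len + 8])
    nonce = body[1 + id_len + 8:fixed]
    if abs(now - stamp) > MAX_SKEW:
        raise ValueError("stale message")
    if (sender_id, nonce) in seen:
        raise ValueError("replayed message")
    seen.add((sender_id, nonce))
    return sender_id, body[fixed:]
```

The `seen` set only needs to remember nonces for `MAX_SKEW` seconds, since older messages are already rejected by the timestamp check.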

