On Jun 16, 10:03 am, Jon Cooper <[email protected]> wrote: > Right on. > > Let me note one thing: > > SASL authentication is a simple go/no go check that will let you connect, or > not, to a beanstalkd instance. > > There is no partitioning of queues by authenticated users. So every user can > access all queues.
I think that's a fine limitation that folks can live with or submit patches to rectify ;-). > > Changing this behavior would require modifying beanstalkd, and it doesn't > seem to be very much in the spirit of beanstalk. > > I have two thoughts on how it could be done: > > - write a transparent proxy that rewrites queue names to something that > includes a username > > - dispatch each authenticated user to a separate beanstalkd instance on > separate sockets > > I'm probably not going to do either of those, but it seems relatively > straightforward to do either one. IMO, though, if you need per-queue access > control, beanstalkd is probably not the right solution. > > Jon Cooper ([email protected]) > > > > > > > > On Thu, Jun 16, 2011 at 9:19 AM, David Leimbach <[email protected]> wrote: > > I'm still trying to see if I'm going to be able to use beanstalk at > > all in my project (company policies I don't yet understand), so I > > wouldn't rush to get anything up on github. > > > I'm very glad the work is being done though. > > > Dave > > > On Jun 15, 2:49 pm, Jon Cooper <[email protected]> wrote: > > > Good. I have built a server that one can connect to and SASL > > authenticate. > > > > I just need to make it hand off the connected fd to beanstalkd. ' > > > > My aim is to find some time to do that in the next week or so, but I can > > > push my code up to GitHub if you want to take a pass sooner than that? > > > > Jon Cooper ([email protected]) > > > > On Wed, Jun 15, 2011 at 1:54 PM, David Leimbach <[email protected]> > > wrote: > > > > > On May 5, 3:50 pm, Keith Rarick <[email protected]> wrote: > > > > > On Thu, May 5, 2011 at 8:52 AM, Jon Cooper <[email protected]> > > wrote: > > > > > > Cool. Should just be able to patch make_server_socket to check with > > > > > > sd-daemon.c:sd_is_socket_unix, right? > > > > > > Yes. > > > > > Just kind of wondering if/how this is coming along. > > > > > Dave > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "beanstalk-talk" group. > > > > To post to this group, send email to [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]. > > > > For more options, visit this group at > > > >http://groups.google.com/group/beanstalk-talk?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "beanstalk-talk" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > >http://groups.google.com/group/beanstalk-talk?hl=en. -- You received this message because you are subscribed to the Google Groups "beanstalk-talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/beanstalk-talk?hl=en.
