Joshua, your question scares me :) Actually you can define user/pass for rabbitmq: See in rpc/impl_kombu.py, which is used by default: 308 self.params = dict(hostname=FLAGS.rabbit_host, 309 port=FLAGS.rabbit_port, 310 userid=FLAGS.rabbit_userid, 311 password=FLAGS.rabbit_password, 312 virtual_host=FLAGS.rabbit_virtual_host)
But this seems to be not secured connection, since I don't see here usage of SSL. In rpc/impl_carrot.py: 66 params = dict(hostname=FLAGS.rabbit_host, 67 port=FLAGS.rabbit_port, * 68 ssl=FLAGS.rabbit_use_ssl,* 69 userid=FLAGS.rabbit_userid, 70 password=FLAGS.rabbit_password, 71 virtual_host=FLAGS.rabbit_virtual_host) but I never tried this carrot and don't know if it works. Can someone else clarify the question? It seems important in terms of security. Thanks, On Wed, Sep 21, 2011 at 2:20 PM, Joshua Harlow <[email protected]>wrote: > A quick security question. > > Is there any plan to force authentication/authorization of the rabbitmq > messages? > > Right now it seems like keystone (tbd) will protect the > external<->openstack layers but what about the openstack<->openstack layers. > > If someone got access to the rabbitmq it seems like without this kind of > layer bad things could happen (create me 1000 nodes...). > > Has there been any thought in that area? > > -Josh > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -- Mike Scherbakov
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
