On Mon, Jul 18, 2011 at 12:37 PM, Marc Ilgen <[email protected]> wrote:
> Hello
> Suppose I set up a client/server system with SUB and PUB sockets. I want the
> client to have to authenticate its ability to subscribe and I want the
> server to have the ability to unsubscribe a specific named client in the
> case that the client's subscription credentials expire or become invalid for
> any reason.
>
> How can I do this? The only way I can think of to subscribe is to have the
> client connect to the server in a REQ/REP fashion and send authenticate
> information that way. But I can't see how a PUB socket can drop a
> subscriber. Any ideas?
>
> ----------------------------------------------------------------------------------
> Marc Ilgen
> [email protected]

Hi Marc, if you are interested in how to do this, check out the Salt code:

https://github.com/thatch45/salt

It uses RSA keys for authentication and then AES for inline encryption, all via a ZeroMQ PUB/SUB system. I don't know what you are planning on building, but you could skip the hard part of setting up the encryption system and just use or extend Salt.

Also the master terminating the minion connection, Salt can do that but it is a little tricky. You would need to delete the authorized minion public key from the master and then restart the master daemon. When the master daemon is restarted the minions automatically reconnect to the publisher, but the AES key on the master is regenerated; this prompts a re-authentication from the minions, and the now unauthenticated minion will fail to authenticate and not be given the new AES key used for inline encryption. This will disallow the minion from reconnecting and it will terminate.

Hope that helps you!

-Thomas S Hatch
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
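The revocation flow described in the reply above (remove the minion's key, regenerate the group key, let the remaining minions re-authenticate), modelled in-process as an added example; it is not part of the thread and is not Salt's code. Assumptions: standard-library stand-ins replace the real primitives (a per-minion secret for the RSA key exchange, an HMAC-SHA256 keystream for AES), and `Master`, `seal`, `unseal` and the minion names are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):   # HMAC-SHA256 counter keystream, stand-in for AES
    pads = (_mac(key, nonce + i.to_bytes(8, "big")) for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(pads)))

def seal(group_key, msg):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(group_key, b"enc"), nonce, msg)
    return nonce + ct + _mac(_mac(group_key, b"mac"), nonce + ct)

def unseal(group_key, frame):
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(group_key, b"mac"), nonce + ct)):
        return None                  # stale or wrong key: frame stays opaque
    return _xor_stream(_mac(group_key, b"enc"), nonce, ct)

class Master:
    def __init__(self):
        self.accepted = {}           # minion id -> credential (stand-in for RSA public key)
        self.group_key = secrets.token_bytes(32)

    def authenticate(self, minion_id, credential):
        known = self.accepted.get(minion_id)
        if known is None or not hmac.compare_digest(known, credential):
            return None
        return self.group_key        # only authenticated minions learn the key

    def revoke(self, minion_id):
        self.accepted.pop(minion_id, None)
        self.group_key = secrets.token_bytes(32)   # rotation, as on master restart

    def publish(self, msg):          # PUB side: every connected SUB receives these bytes
        return seal(self.group_key, msg)

def demo():
    master = Master()
    creds = {n: secrets.token_bytes(32) for n in ("alice", "bob")}  # constructed
    master.accepted.update(creds)
    keys = {n: master.authenticate(n, c) for n, c in creds.items()}
    before = unseal(keys["bob"], master.publish(b"job 1"))
    master.revoke("bob")
    frame = master.publish(b"job 2")
    keys["alice"] = master.authenticate("alice", creds["alice"])   # re-auth succeeds
    refused = master.authenticate("bob", creds["bob"])             # returns None
    return before, unseal(keys["alice"], frame), unseal(keys["bob"], frame), refused
```

The revoked subscriber still receives the published frame, since the PUB socket cannot drop it; what it loses is the key needed to read it.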
