The ZAP handler gets the identity of the client (along with all metadata) and can validate it. So you can use client identity + public key authentication, and then each message will report the authenticated sender.
On Tue, Dec 31, 2013 at 7:08 PM, Drew Crawford <[email protected]> wrote: > I think I can supply a patch that is at least good enough to get cleaned up > and merged by a zmq dev. The open question at this point is which way the > correlation should get resolved. One possibility is to populate the ZAP > identity with the router identity instead of the empty string. Another > possibility is to populate the userid from ZAP somewhere in the router. > There are other possibilities that have not occurred to me. > > I know enough to make a run at any of these, but not enough to identify the > best solution from the set of options. I’m hoping a dev can pop out of the > woodwork and identify which solution is the one that should be tried. > > Drew > On Dec 31, 2013, at 11:51 AM, Nicolas Delaby <[email protected]> wrote: > >> On 12/31/2013 06:30 PM, Drew Crawford wrote: >>> Hi Nicolas, >>> >>> I’m reasonably sure we have the same problem, and I’ve gotten somewhat >>> further along without solving it. We may want to compare notes. Take a >>> look at my thread "How do I find out which ZAP user I'm talking to?”. >> >> Hi Drew, >> Yes indeed, we are facing same issue. >> So far I'm using an ugly hack assuming that the immediate next recv() >> contains the identity of the peer I just authorized within my >> zap_handler. This code is not used yet on production, so I believe it >> works only by chance. I wanted to have confirmation from zeromq dev. >> >> My attitude on open-source project is to come with a pull request when >> my needs are not fulfilled. But unfortunately C++ is way far beyond my >> skills. So I hope to find here new ideas I didn't thought about it. >> >> Your testimony doesn't make me feel more confident :) >> >> As an ultimate workaround I will probably fallback on zmq.PLAIN + stunnel. >> >> Cheers, >> Nicolas >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
