[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: When adding new node, how does the broker authenticate?



On Mon, Jun 17, 2013 at 09:46:22AM -0400, Mark Lamourine wrote:
> 
> Unless things have changed (and they have in some areas since I worked on them), the way this works is that the node runs the mcollectived which connects to
> and activemq server and registers to receive requests from the broker.  The /etc/mcollective/server.conf file contains authentication information to allow it to connect to the ActiveMQ servers and a "secret" which it will use to authenticate incoming requests from the broker.
> 

[...]

> The node *does* trust the broker when the broker sends MCollective RPC calls. (the broker gives the password from the /etc/mcollective/client.conf which must match what the node has in the /etc/mcollective/server.conf)
> 

On Mon, Jun 17, 2013 at 09:21:34AM -0700, Krishna Raman wrote:
> 
> The security here is mainly in how m-collective/activemq queues and passwords are configured.  
> Activemq/m-collective auth is used to make sure that nodes/brokers are not randomly claimed/controlled.
> 

Thank you both.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]