[clug] authenticated RPC

tmc at vandradlabs.com.au tmc at vandradlabs.com.au
Wed Sep 10 20:05:07 MDT 2014


Hi all

> On Wed, 10 Sep 2014 02:38:51 PM jm wrote:
>> Are there any RPC protocols out there that have
>> authentication/aothorisation built in? It seem to have been over looked
>> in every one I've looked at. I'm using python to write some middle ware
>> to sit between a django front end on one server and a privileged service
>> on another, exposing a limited set of functionality. While I'll be
>> locking it down to only one or two IP addresses I'd still prefer to have
>> the extra level of protection of authentication. Not just as a mean of
>> defence in depth, but also to stop other things on the front end server
>> from having access or to change what functionality is available
>> depending on the user.
> Maybe something like Apache Etch would be a good fit?
> http://etch.apache.org/index.html
>
> TLS/SSL is one transport option, with password based authn possible within
> that.
>
> Note: Looked at it, but not tried it.

if you do TLS, then you could do client certificate validation against a
known fingerprint, instead of a password. Depends on your application.

Cheers
Tomasz



More information about the linux mailing list