Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nsqd: pass TLS CN= to auth API #793

Closed
devicenull opened this issue Sep 30, 2016 · 2 comments · Fixed by #1119
Closed

nsqd: pass TLS CN= to auth API #793

devicenull opened this issue Sep 30, 2016 · 2 comments · Fixed by #1119
Labels
feature help wanted request

Comments

@devicenull
Copy link

We already have a TLS CA and cert architecture set up, and would like to reuse that with nsq. This setup was all built out for Puppet, which uses the Subject of the cert to determine which machine is which. I'd like to see nsq pass the 'Subject CN' to the auth api, so we can determine what permissions a connection should have based on it's cert.

Combined with -tls-client-auth-policy require-verify, this would give us strong authentication without needing to maintain a separate list of shared secrets.
@mreiferson
Copy link
Member

this is a cool idea, I think I'm 👍

@mreiferson mreiferson changed the title nsqd: Pass TLS CN= to auth API nsqd: pass TLS CN= to auth API Jan 5, 2019
@mreiferson mreiferson mentioned this issue Jan 5, 2019
Merged
@mreiferson
Copy link
Member

see #1119

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature help wanted request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

nsqd: send client TLS cert common_name on authd requests mreiferson/nsq
2 participants
@devicenull @mreiferson