Authenticated RPC ?

Han-Wen Nienhuys

Jun 27, 2011, 4:44:46 PM
to golang-nuts
Hi there,

I want to use Go's builtin RPC mechanism for a distributed
application, but want to restrict who can call RPCs. It is fine for
the RPC calls and replies to be visible, but only clients holding a
(shared) secret should be able to issue RPC calls.

Is there a standard, low-hassle solution for implementing this type
of authentication in Go?

thanks!
--
Han-Wen Nienhuys
Google Engineering Belo Horizonte
han...@google.com

Russ Cox

Jun 27, 2011, 4:56:44 PM
to Han-Wen Nienhuys, golang-nuts
> I want to use Go's builtin RPC mechanism for a distributed
> application, but want to restrict who can call RPCs. It is fine for
> the RPC calls and replies to be visible, but only clients holding a
> (shared) secret should be able to issue RPC calls.
>
> Is there a standard, low-hassle solution for implementing this type
> of authentication in Go?

I'd just run your own custom auth protocol
(send the secret, receive "OK") at the beginning
of the connection, before letting rpc have it.
See rpc.ServeConn, rpc.NewClient.

Russ
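
The approach from the reply above (authenticate at the start of the connection, then pass it to rpc.ServeConn / rpc.NewClient), as an added example that is not code from the thread. The Arith service, the function names, the secrets and the choice to send SHA-256 of the secret (so the handshake message has a fixed length) are assumptions of this example; the import path is net/rpc, as in current Go.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"io"
	"net"
	"net/rpc"
)

type Arith struct{} // hypothetical service, defined only for this example
func (Arith) Double(n int, reply *int) error { *reply = 2 * n; return nil }

// serveAuthed hands conn to net/rpc only after the peer has sent SHA-256(secret).
func serveAuthed(conn net.Conn, srv *rpc.Server, secret []byte) {
	defer conn.Close()
	want, got := sha256.Sum256(secret), make([]byte, sha256.Size)
	if _, err := io.ReadFull(conn, got); err == nil && subtle.ConstantTimeCompare(got, want[:]) == 1 {
		conn.Write([]byte("OK"))
		srv.ServeConn(conn) // blocks until the client disconnects
	}
}

// dialAuthed sends the token and returns an rpc.Client only after reading "OK";
// on error the caller still owns conn and closes it.
func dialAuthed(conn net.Conn, secret []byte) (*rpc.Client, error) {
	token, ok := sha256.Sum256(secret), make([]byte, 2)
	conn.Write(token[:])
	if _, err := io.ReadFull(conn, ok); err != nil || string(ok) != "OK" {
		return nil, fmt.Errorf("server rejected the secret")
	}
	return rpc.NewClient(conn), nil
}

// callDouble runs both ends over an in-memory pipe; the secrets are constructed.
func callDouble(clientSecret string) (out int, err error) {
	c, s := net.Pipe()
	defer c.Close()
	srv := rpc.NewServer()
	srv.Register(Arith{})
	go serveAuthed(s, srv, []byte("constructed-server-secret"))
	client, err := dialAuthed(c, []byte(clientSecret))
	if err == nil {
		err = client.Call("Arith.Double", 21, &out)
	}
	return out, err
}

func main() { fmt.Println(callDouble("constructed-server-secret")) }
```

As in the scheme described in the reply, the token crosses the connection as-is, so anyone able to read the traffic can replay it. Passing a *tls.Conn as the net.Conn avoids that without changing either function.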

Han-Wen Nienhuys

Jun 27, 2011, 9:05:45 PM
to r...@golang.org, golang-nuts

Great idea, and simpler than I thought it would be.

On a tangent: is it possible to use one connection to serve as the
transport for bidirectional RPC? (i.e.: open one connection, and
connect both a rpc.Server and an rpc.Client to that connection?)

> See rpc.ServeConn, rpc.NewClient.

Rob 'Commander' Pike

Jun 27, 2011, 9:10:09 PM
to Han-Wen Nienhuys, r...@golang.org, golang-nuts

On 28/06/2011, at 11:05 AM, Han-Wen Nienhuys wrote:

> On Mon, Jun 27, 2011 at 5:56 PM, Russ Cox <r...@golang.org> wrote:
>>> I want to use Go's builtin RPC mechanism for a distributed
>>> application, but want to restrict who can call RPCs. It is fine for
>>> the RPC calls and replies to be visible, but only clients holding a
>>> (shared) secret should be able to issue RPC calls.
>>>
>>> Is there a standard, low-hassle solution for implementing this type
>>> of authentication in Go?
>>
>> I'd just run your own custom auth protocol
>> (send the secret, receive "OK") at the beginning
>> of the connection, before letting rpc have it.
>
> Great idea, and simpler than I thought it would be.
>
> On a tangent: is it possible to use one connection to serve as the
> transport for bidirectional RPC? (i.e.: open one connection, and
> connect both a rpc.Server and an rpc.Client to that connection?)

No.

-rob


Brad Fitzpatrick

Jun 27, 2011, 9:15:44 PM
to Han-Wen Nienhuys, Rob 'Commander' Pike, r...@golang.org, golang-nuts
But if that's important (to use one TCP connection) you could make your own implementation of pkg rpc's desired interfaces that do the multiplexing of two TCP connections on top of one.  The rpc package wouldn't care.

roger peppe

Jul 18, 2011, 5:44:52 AM
to Rob 'Commander' Pike, Han-Wen Nienhuys, r...@golang.org, golang-nuts

actually, you can, but it's not entirely straightforward.
a little while ago i wrote up a way of doing it:
http://rogpeppe.wordpress.com/2011/02/10/bidirectional-rpc-with-netchan/
