I want to use Go's builtin RPC mechanism for a distributed
application, but want to restrict who can call RPCs. It is fine for
the RPC calls and replies to be visible, but only clients holding a
(shared) secret should be able to issue RPC calls.
Is there a standard, low-hassle solution for implementing this type
of authentication in Go?
Thanks!
--
Han-Wen Nienhuys
Google Engineering Belo Horizonte
han...@google.com
I'd just run your own custom auth protocol
(send the secret, receive "OK") at the beginning
of the connection, before letting rpc have it.
See rpc.ServeConn, rpc.NewClient.
Russ
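
The handshake suggested above (send the secret, receive "OK", then hand the connection to `rpc.ServeConn` / `rpc.NewClient`), as an added example that is not code from this thread or from the Go project. The names `serveAuthed`, `newAuthedClient`, `demo`, the `Echo` service and the secret value are assumptions made for illustration, and `net.Pipe` stands in for a real TCP connection.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"io"
	"net"
	"net/rpc"
	"time"
)

var want = []byte("constructed-secret\n") // constructed sample secret plus terminator
type Echo struct{}                        // hypothetical service, for this demo only
func (*Echo) Say(in string, out *string) error { *out = "echo: " + in; return nil }
func init()                                    { rpc.Register(new(Echo)) }

// serveAuthed runs the handshake on c and only then hands c to net/rpc.
func serveAuthed(c net.Conn) {
	defer c.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second)) // unauthenticated peers cannot linger
	buf := make([]byte, len(want))                 // exact-length read: no RPC bytes consumed
	if _, err := io.ReadFull(c, buf); err != nil || subtle.ConstantTimeCompare(buf, want) != 1 {
		return
	}
	io.WriteString(c, "OK\n")
	c.SetDeadline(time.Time{}) // handshake done: clear the deadline for RPC traffic
	rpc.ServeConn(c)
}

// newAuthedClient sends the secret and waits for "OK". On failure the caller closes c.
func newAuthedClient(c net.Conn, secret string) (*rpc.Client, error) {
	io.WriteString(c, secret+"\n") // a failed write shows up as a failed read below
	reply := make([]byte, 3)
	if _, err := io.ReadFull(c, reply); err != nil || string(reply) != "OK\n" {
		return nil, fmt.Errorf("auth handshake rejected")
	}
	return rpc.NewClient(c), nil
}

func demo(secret string) (out string, err error) { // one Echo.Say call over an in-memory conn
	cc, sc := net.Pipe() // stands in for net.Dial / Listener.Accept
	defer cc.Close()
	go serveAuthed(sc)
	cl, err := newAuthedClient(cc, secret)
	if err == nil {
		err = cl.Call("Echo.Say", "hi", &out)
	}
	return out, err
}
func main() { fmt.Println(demo("constructed-secret")) }
```

The secret crosses the connection in the clear here, so anyone who can observe one handshake can reuse it; running the same handshake inside a TLS connection closes that gap.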
Great idea, and simpler than I thought it would be.
On a tangent: is it possible to use one connection to serve as the
transport for bidirectional RPC? (i.e.: open one connection, and
connect both a rpc.Server and an rpc.Client to that connection?)
> See rpc.ServeConn, rpc.NewClient.
> On Mon, Jun 27, 2011 at 5:56 PM, Russ Cox <r...@golang.org> wrote:
>>> I want to use Go's builtin RPC mechanism for a distributed
>>> application, but want to restrict who can call RPCs. It is fine for
>>> the RPC calls and replies to be visible, but only clients holding a
>>> (shared) secret should be able to issue RPC calls.
>>>
>>> Is there a standard, low-hassle solution for implementing this type
>>> of authentication in Go?
>>
>> I'd just run your own custom auth protocol
>> (send the secret, receive "OK") at the beginning
>> of the connection, before letting rpc have it.
>
> Great idea, and simpler than I thought it would be.
>
> On a tangent: is it possible to use one connection to serve as the
> transport for bidirectional RPC? (i.e.: open one connection, and
> connect both a rpc.Server and an rpc.Client to that connection?)
No.
-rob
actually, you can, but it's not entirely straightforward.
a little while ago i wrote up a way of doing it:
http://rogpeppe.wordpress.com/2011/02/10/bidirectional-rpc-with-netchan/