Posted to users@qpid.apache.org by Ted Ross <tr...@redhat.com> on 2009/11/11 21:50:47 UTC

New SASL capability for the Python client

Full SASL authentication/encryption capability for the Python client was 
added to the trunk at revision 834975.

A new Python module "qpidsasl" implemented in C++ and wrapped for Python 
using Swig was introduced.  This wrapper provides a generalized binding 
to the Cyrus SASL library.  The Python client tries to import this 
module.  If it cannot find it, it will revert to built-in capability 
that only provides ANONYMOUS and PLAIN authentication mechanisms.

This module will be built under the "cpp" build if the python-devel and 
swig packages are present on the development system.  To use it, your 
PYTHONPATH must provide access to the following files (or those files 
need to be copied to where the PYTHONPATH can reach them):

     $(build_dir)/bindings/sasl/python/qpidsasl.py
     $(build_dir)/bindings/sasl/.libs/_qpidsasl.so

The following library is also built (it contains the C++ implemented 
SASL wrapper):

     $(build_dir)/bindings/sasl/.libs/libsaslwrapper.so

When creating the Connection object, you may supply the "mechanism" 
argument with a space-separated list of acceptable authentication 
mechanisms.  If this argument is left to the default value of None 
(recommended), the SASL library will pick the best available mechanism 
for you.

For Kerberos5 single-sign-on, the GSSAPI mechanism is used.

Some notes/caveats:

- This is not yet hooked into the newer qpid.messaging API.
- This is not built under CMake yet.
- This implementation is specific to Linux/Unix.  It is possible that a 
  Windows implementation of the wrapper can be developed.
- SASL EXTERNAL (i.e. use of SSL/TLS client certificates) is not yet 
  supported.  This will be forthcoming.

Note also that I intend to add a Ruby binding to this module and move 
the Ruby client to it.  Ruby already has this capability but using the 
same one that python uses will reduce future support headaches.

-Ted


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
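
Added example (not part of the original post and not Qpid's own code): a stand-alone model of the import fallback and the space-separated "mechanism" list described in the announcement above, showing that a missing qpidsasl module changes the negotiated mechanism from GSSAPI to PLAIN unless the caller pins the list. The helper names, the strength ranking and the fail-closed behaviour for a pinned list are assumptions of this example.

```python
import importlib.util

# Mechanisms the announcement says remain when qpidsasl cannot be imported.
BUILTIN = ("PLAIN", "ANONYMOUS")
# Constructed ranking, strongest first; an assumption of this example, not
# the order Cyrus SASL itself applies.
RANKED = ("GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN", "ANONYMOUS")


class NoAcceptableMechanism(Exception):
    """Raised instead of silently authenticating with a weaker mechanism."""


def binding_available(module="qpidsasl"):
    """True if the SWIG-built module is reachable on PYTHONPATH."""
    return importlib.util.find_spec(module) is not None


def select_mechanism(broker_offers, mechanism=None, cyrus=None):
    """Hypothetical helper: choose one SASL mechanism.

    broker_offers -- space-separated list advertised by the broker
    mechanism     -- space-separated acceptable list, or None for "any"
    cyrus         -- override for binding_available(), used for testing
    """
    if cyrus is None:
        cyrus = binding_available()
    supported = RANKED if cyrus else BUILTIN
    offered = set(broker_offers.upper().split())
    wanted = set(mechanism.upper().split()) if mechanism else set(supported)
    for name in RANKED:
        if name in supported and name in offered and name in wanted:
            return name
    raise NoAcceptableMechanism(
        "client supports %s, broker offers %s, caller accepts %s"
        % (sorted(supported), sorted(offered), sorted(wanted)))


def demo():
    offers = "GSSAPI PLAIN ANONYMOUS"  # constructed broker advertisement
    results = {
        "binding, default": select_mechanism(offers, None, cyrus=True),
        "no binding, default": select_mechanism(offers, None, cyrus=False),
    }
    try:
        select_mechanism(offers, "GSSAPI DIGEST-MD5", cyrus=False)
    except NoAcceptableMechanism:
        results["no binding, pinned"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

With the default of None the outcome depends on whether the module is on PYTHONPATH, so a deployment check on binding_available() is worth having wherever PLAIN over an unencrypted connection is not acceptable.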


Re: New SASL capability for the Python client

Posted by Ted Ross <tr...@redhat.com>.
On 11/11/2009 04:29 PM, Andrew Stitcher wrote:
> On Wed, 2009-11-11 at 15:50 -0500, Ted Ross wrote:
>    
>> Full SASL authentication/encryption capability for the Python client was
>> added to the trunk at revision 834975.
>>
>> A new Python module "qpidsasl" implemented in C++ and wrapped for Python
>> using Swig was introduced.  This wrapper provides a generalized binding
>> to the Cyrus SASL library.  The Python client tries to import this
>> module.  If it cannot find it, it will revert to built-in capability
>> that only provides ANONYMOUS and PLAIN authentication mechanisms.
>>      
> This would appear to not really be connected with qpid itself, but
> rather be a (very) useful addition to the python (and ruby) libraries.
>
> I'd say it would actually be better and more generally useful (for other
> applications) to put this code in an entirely separate repository from
> qpid and for it to be distributed entirely separately from qpid. And so to
> remove the qpid element of its name.
>
> For Fedora (and the like) you'd package it in packages called
> python-sasl, ruby-sasl unless those names are already taken.
>
> Have I missed something here that makes this actually specific to qpid?
>
> Andrew
>
>    
The library that holds the wrapper code is libsaslwrapper.so.  The 
Python binding I called qpidsasl but you are correct in saying that 
there is nothing qpid or messaging related in either the library or the 
module.  All the library does is provide an alternate API that doesn't 
rely on callbacks and is easily wrapped in scripting languages.  I'd be 
happy to move the whole thing to a top level directory under qpid if 
there's a consensus that that is the right thing to do.

I assume that we, as the Qpid community, don't have access to 
directories above qpid.  I just wanted to implement SASL for Python and 
Ruby, not start a whole new project.

-Ted




Re: New SASL capability for the Python client

Posted by Carl Trieloff <cc...@redhat.com>.
Andrew Stitcher wrote:
> On Wed, 2009-11-11 at 16:29 -0500, Andrew Stitcher wrote:
>   
>> On Wed, 2009-11-11 at 15:50 -0500, Ted Ross wrote:
>>     
>>> Full SASL authentication/encryption capability for the Python client was 
>>> added to the trunk at revision 834975.
>>>
>>> A new Python module "qpidsasl" implemented in C++ and wrapped for Python 
>>> using Swig was introduced.  This wrapper provides a generalized binding 
>>> to the Cyrus SASL library.  The Python client tries to import this 
>>> module.  If it cannot find it, it will revert to built-in capability 
>>> that only provides ANONYMOUS and PLAIN authentication mechanisms.
>>>       
>> This would appear to not really be connected with qpid itself, but
>> rather be a (very) useful addition to the python (and ruby) libraries.
>>
>> I'd say it would actually be better and more generally useful (for other
>> applications) to put this code in an entirely separate repository from
>> qpid and for it to be distributed entirely separately from qpid. And so to
>> remove the qpid element of its name.
>>     
>
> Specifically I'd add that its location in the source tree is not correct
> in my mind - it is not really any part of the c++ implementation of the
> amqp protocol and it is not a binding to any qpid library so putting
> it in cpp/bindings is more confusing than not.
>
> It also adds to an already complex c++ build.
>
> I'd prefer to see it moved to its own top level directory until we can
> put it outside qpid altogether. Say in "sasl".
Maybe create a util/sasl directory... I would not go to the effort of 
another package unless there is a LOT of interest to do so.

Carl.



Re: New SASL capability for the Python client

Posted by Andrew Stitcher <as...@redhat.com>.
On Wed, 2009-11-11 at 16:29 -0500, Andrew Stitcher wrote:
> On Wed, 2009-11-11 at 15:50 -0500, Ted Ross wrote:
> > Full SASL authentication/encryption capability for the Python client was 
> > added to the trunk at revision 834975.
> > 
> > A new Python module "qpidsasl" implemented in C++ and wrapped for Python 
> > using Swig was introduced.  This wrapper provides a generalized binding 
> > to the Cyrus SASL library.  The Python client tries to import this 
> > module.  If it cannot find it, it will revert to built-in capability 
> > that only provides ANONYMOUS and PLAIN authentication mechanisms.
> 
> This would appear to not really be connected with qpid itself, but
> rather be a (very) useful addition to the python (and ruby) libraries.
> 
> I'd say it would actually be better and more generally useful (for other
> applications) to put this code in an entirely separate repository from
> qpid and for it to be distributed entirely separately from qpid. And so to
> remove the qpid element of its name.

Specifically I'd add that its location in the source tree is not correct
in my mind - it is not really any part of the c++ implementation of the
amqp protocol and it is not a binding to any qpid library so putting
it in cpp/bindings is more confusing than not.

It also adds to an already complex c++ build.

I'd prefer to see it moved to its own top level directory until we can
put it outside qpid altogether. Say in "sasl".

Andrew





Re: New SASL capability for the Python client

Posted by Andrew Stitcher <as...@redhat.com>.
On Wed, 2009-11-11 at 15:50 -0500, Ted Ross wrote:
> Full SASL authentication/encryption capability for the Python client was 
> added to the trunk at revision 834975.
> 
> A new Python module "qpidsasl" implemented in C++ and wrapped for Python 
> using Swig was introduced.  This wrapper provides a generalized binding 
> to the Cyrus SASL library.  The Python client tries to import this 
> module.  If it cannot find it, it will revert to built-in capability 
> that only provides ANONYMOUS and PLAIN authentication mechanisms.

This would appear to not really be connected with qpid itself, but
rather be a (very) useful addition to the python (and ruby) libraries.

I'd say it would actually be better and more generally useful (for other
applications) to put this code in an entirely separate repository from
qpid and for it to be distributed entirely separately from qpid. And so to
remove the qpid element of its name.

For Fedora (and the like) you'd package it in packages called
python-sasl, ruby-sasl unless those names are already taken.

Have I missed something here that makes this actually specific to qpid?

Andrew





RE: New SASL capability for the Python client

Posted by "Riggs, Rob" <Ro...@epsilon.com>.
> From: Ted Ross [mailto:tross@redhat.com]
>
> Full SASL authentication/encryption capability for the Python client
> was added to the trunk at revision 834975.
>
> A new Python module "qpidsasl" implemented in C++ and wrapped for
> Python using Swig was introduced.  This wrapper provides a generalized
> binding to the Cyrus SASL library.

Is this something that is of general interest?  If this really is a generalized binding to the Cyrus SASL library, would this make sense as an independent Python module?

I think the Twisted folks are working on SASL bindings too.  http://www.mail-archive.com/twisted-python@twistedmatrix.com/msg01827.html

Rob

