You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Alan Conway <ac...@redhat.com> on 2016/09/12 20:43:17 UTC
SASL configuration from a string?
It looks like Proton requires SASL configuration to come from a named
file. This is bad, because it assumes�
a) there is a file system and�
b) the proton app deployer can modify it.
I was thinking about adding�
� pn_sasl_config_string(pn_sasl_t*, const char*)
So the application can get the config from wherever it pleases or
construct it programatically without assuming a filesystem. Does that
make sense?
What about the SASL database?
Or am I barking up the wrong tree and SASL is just not intended to be
usable in non-filesystem environments?
Cheers,
Alan.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SASL configuration from a string?
Posted by Andrew Stitcher <as...@redhat.com>.
I think that Gordon answered these well, I'll add:
On Mon, 2016-09-12 at 16:43 -0400, Alan Conway wrote:
> ...
> Or am I barking up the wrong tree and SASL is just not intended to be
> usable in non-filesystem environments?
It's not that SASL itself is unusable in non filesystem environments,
just that the implemenation we use Cyrus SASL only really runs under
Unix like environments and has all the assumptions that implies.
There is only one other implementation I'm aware of (gnu sasl) and that
works much more the way you would expect, but it only handles the SASL
protocol and requires its user to do all authentication. So using it
becomes a very large implementation task.
The default (non Cyrus SASL) implementation does not require anything
external at all.
Andrew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SASL configuration from a string?
Posted by Gordon Sim <gs...@redhat.com>.
On 12/09/16 21:43, Alan Conway wrote:
> It looks like Proton requires SASL configuration to come from a named
> file.
I believe that requirement comes from cyrus-sasl, rather than proton itself.
> This is bad, because it assumes
> a) there is a file system and
> b) the proton app deployer can modify it.
>
> I was thinking about adding
>
> pn_sasl_config_string(pn_sasl_t*, const char*)
>
> So the application can get the config from wherever it pleases or
> construct it programatically without assuming a filesystem. Does that
> make sense?
Unless cyrus sasl allows you do specify config in a string, doing this
would require some other SASL implementation.
> What about the SASL database?
>
> Or am I barking up the wrong tree and SASL is just not intended to be
> usable in non-filesystem environments?
I don't think SASL itself cares one way or the other. Implementations of
it may make assumptions though (e.g. cyrus-sasl). However if anyone
needs to use SASL in an environment with no filesystem, they can always
provide an implementation tailored for that environment. My view is to
wait until someone actually has an actual need for it (and then
presumably also some concrete requirements for how it should work).
At present I believe proton requires ssl certificates to be specified as
files also.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org