Posted to users@qpid.apache.org by Alan Conway <ac...@redhat.com> on 2016/09/12 20:43:17 UTC

SASL configuration from a string?

It looks like Proton requires SASL configuration to come from a named
file. This is bad, because it assumes
a) there is a file system and
b) the proton app deployer can modify it.

I was thinking about adding

  pn_sasl_config_string(pn_sasl_t*, const char*)

So the application can get the config from wherever it pleases or
construct it programmatically without assuming a filesystem. Does that
make sense?

What about the SASL database?

Or am I barking up the wrong tree and SASL is just not intended to be
usable in non-filesystem environments?

Cheers,
Alan.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Re: SASL configuration from a string?

Posted by Andrew Stitcher <as...@redhat.com>.
I think that Gordon answered these well, I'll add:

On Mon, 2016-09-12 at 16:43 -0400, Alan Conway wrote:
> ...
> Or am I barking up the wrong tree and SASL is just not intended to be
> usable in non-filesystem environments?

It's not that SASL itself is unusable in non-filesystem environments,
just that the implementation we use, Cyrus SASL, only really runs under
Unix-like environments and has all the assumptions that implies.

There is only one other implementation I'm aware of (gnu sasl) and that
works much more the way you would expect, but it only handles the SASL
protocol and requires its user to do all authentication. So using it
becomes a very large implementation task.

The default (non Cyrus SASL) implementation does not require anything
external at all.

Andrew




Re: SASL configuration from a string?

Posted by Gordon Sim <gs...@redhat.com>.
On 12/09/16 21:43, Alan Conway wrote:
> It looks like Proton requires SASL configuration to come from a named
> file.

I believe that requirement comes from cyrus-sasl, rather than proton itself.

> This is bad, because it assumes
> a) there is a file system and
> b) the proton app deployer can modify it.
>
> I was thinking about adding
>
>   pn_sasl_config_string(pn_sasl_t*, const char*)
>
> So the application can get the config from wherever it pleases or
> construct it programmatically without assuming a filesystem. Does that
> make sense?

Unless cyrus sasl allows you to specify config in a string, doing this 
would require some other SASL implementation.

> What about the SASL database?
>
> Or am I barking up the wrong tree and SASL is just not intended to be
> usable in non-filesystem environments?

I don't think SASL itself cares one way or the other. Implementations of 
it may make assumptions though (e.g. cyrus-sasl). However if anyone 
needs to use SASL in an environment with no filesystem, they can always 
provide an implementation tailored for that environment. My view is to 
wait until someone actually has an actual need for it (and then 
presumably also some concrete requirements for how it should work).

At present I believe proton requires ssl certificates to be specified as 
files also.

