qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Ross <tr...@redhat.com>
Subject New SASL capability for the Python client
Date Wed, 11 Nov 2009 20:50:47 GMT
Full SASL authentication/encryption capability for the Python client was 
added to the trunk at revision 834975.

A new Python module "qpidsasl" implemented in C++ and wrapped for Python 
using Swig was introduced.  This wrapper provides a generalized binding 
to the Cyrus SASL library.  The Python client tries to import this 
module.  If it cannot find it, it will revert to built-in capability 
that only provides ANONYMOUS and PLAIN authentication mechanisms.

This module will be built under the "cpp" build if the python-devel and 
swig packages are present on the development system.  To use it, your 
PYTHONPATH must provide access to the following files (or those files 
need to be copied to where the PYTHONPATH can reach them):

     $(build_dir)/bindings/sasl/python/qpidsasl.py
     $(build_dir)/bindings/sasl/.libs/_qpidsasl.so

The following library is also built (it contains the C++ implemented 
SASL wrapper):

     $(build_dir)/bindings/sasl/.libs/libsaslwrapper.so

When creating the Connection object, you may supply the "mechanism" 
argument with a space-separated list of acceptable authentication 
mechanisms.  If this argument is left to the default value of None 
(recommended), the SASL library will pick the best available mechanism 
for you.

For Kerberos5 single-sign-on, the GSSAPI mechanism is used.

Some notes/caveats:

This is not yet hooked into the newer qpid.messaging API.
This is not built under CMake yet.
This implementation is specific to Linux/Unix.  It is possible that a 
Windows implementation of the wrapper can be developed.
SASL EXTERNAL (i.e. use of SSL/TLS client certificates) is not yet 
supported.  This will be forthcoming.

Note also that I intend to add a Ruby binding to this module and move 
the Ruby client to it.  Ruby already has this capability but using the 
same one that python uses will reduce future support headaches.

-Ted


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Mime
View raw message