From: Ted Ross
Date: Wed, 11 Nov 2009 15:50:47 -0500
To: dev@qpid.apache.org, users@qpid.apache.org
Subject: New SASL capability for the Python client

Full SASL authentication/encryption capability for the Python client was added to the trunk at revision 834975.

A new Python module "qpidsasl" implemented in C++ and wrapped for Python using Swig was introduced. This wrapper provides a generalized binding to the Cyrus SASL library.

The Python client tries to import this module. If it cannot find it, it will revert to built-in capability that only provides ANONYMOUS and PLAIN authentication mechanisms.

This module will be built under the "cpp" build if the python-devel and swig packages are present on the development system. To use it, your PYTHONPATH must provide access to the following files (or those files need to be copied to where the PYTHONPATH can reach them):

    $(build_dir)/bindings/sasl/python/qpidsasl.py
    $(build_dir)/bindings/sasl/.libs/_qpidsasl.so

The following library is also built (it contains the C++ implemented SASL wrapper):

    $(build_dir)/bindings/sasl/.libs/libsaslwrapper.so

When creating the Connection object, you may supply the "mechanism" argument with a space-separated list of acceptable authentication mechanisms. If this argument is left to the default value of None (recommended), the SASL library will pick the best available mechanism for you. For Kerberos5 single-sign-on, the GSSAPI mechanism is used.

Some notes/caveats:

    This is not yet hooked into the newer qpid.messaging API.

    This is not built under CMake yet.

    This implementation is specific to Linux/Unix. It is possible that a Windows implementation of the wrapper can be developed.

    SASL EXTERNAL (i.e. use of SSL/TLS client certificates) is not yet supported. This will be forthcoming.

Note also that I intend to add a Ruby binding to this module and move the Ruby client to it. Ruby already has this capability but using the same one that python uses will reduce future support headaches.

-Ted
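
Added example, not part of the message above or of the Qpid code base: a pre-connection check for the import fallback the message describes, which refuses to proceed when qpidsasl is not reachable on PYTHONPATH and the client would be left with only ANONYMOUS and PLAIN. The function names, the allow_builtin flag and the way the "mechanism" list is filtered are assumptions made for this example; only the module name, the two built-in mechanisms and the space-separated "mechanism" value come from the message.

```python
import importlib.util

# Per the post: without qpidsasl the client has only these built-in mechanisms.
BUILTIN_MECHANISMS = ("ANONYMOUS", "PLAIN")


class SaslDowngradeError(RuntimeError):
    """The client could only use the built-in fallback mechanisms."""


def wrapper_importable(module_name="qpidsasl"):
    """True if the Swig wrapper module is reachable via PYTHONPATH."""
    return importlib.util.find_spec(module_name) is not None


def effective_mechanisms(mechanism, wrapper_present):
    """Mechanisms usable for a space-separated "mechanism" value (or None)."""
    wanted = mechanism.upper().split() if mechanism else None
    if wrapper_present:
        return wanted  # None: the Cyrus SASL library picks the best one
    if wanted is None:
        return list(BUILTIN_MECHANISMS)
    return [m for m in wanted if m in BUILTIN_MECHANISMS]


def preflight(mechanism=None, wrapper_present=None, allow_builtin=False):
    """Fail closed rather than revert to ANONYMOUS/PLAIN (assumed policy)."""
    if wrapper_present is None:
        wrapper_present = wrapper_importable()
    usable = effective_mechanisms(mechanism, wrapper_present)
    if wrapper_present:
        return usable
    if not usable:
        raise SaslDowngradeError("qpidsasl missing; %r has no built-in mechanism" % mechanism)
    if not allow_builtin:
        raise SaslDowngradeError("qpidsasl missing; fallback would be " + "/".join(usable))
    return usable


if __name__ == "__main__":
    # Constructed scenarios: the wrapper is absent from PYTHONPATH.
    for mech in (None, "GSSAPI", "GSSAPI PLAIN"):
        try:
            print(mech, "->", preflight(mech, wrapper_present=False))
        except SaslDowngradeError as exc:
            print(mech, "-> refused:", exc)
```

Calling preflight() before the Connection object is created turns a missing PYTHONPATH entry into a startup error instead of a PLAIN or ANONYMOUS login.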