[
https://issues.apache.org/jira/browse/MESOS-9042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16529062#comment-16529062
]
Till Toenshoff commented on MESOS-9042:
---------------------------------------
The solution I have now built does depend on users supplying the modules
library explicitly when intending to use CRAM-MD5 authentication - that is a
breaking change against the existing way of doing things. We need to discuss
this and all the options we have. For that I will spin up a mail in the
dev-list – hoping for your input.
And here are some results of my approach:
{noformat}
$ otool -L libmesos.dylib
libmesos.dylib:
@rpath/libmesos.0.dylib (compatibility version 0.0.0, current version 1.7.0)
@rpath/libprocess.dylib (compatibility version 0.0.0, current version 0.0.0)
@rpath/libmesos-protobufs.dylib (compatibility version 0.0.0, current version
0.0.0)
/usr/local/opt/apr/libexec/lib/libapr-1.0.dylib (compatibility version 7.0.0,
current version 7.3.0)
/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
/Users/till/Development/mesos-private/build/3rdparty/glog-0.3.3/src/glog-0.3.3-build/lib/libglog.0.dylib
(compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
/usr/local/opt/subversion/lib/libsvn_delta-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/subversion/lib/libsvn_diff-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/subversion/lib/libsvn_subr-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
/Users/till/Development/mesos-private/build/3rdparty/protobuf-3.5.0/src/protobuf-3.5.0-build/libprotobuf.dylib
(compatibility version 0.0.0, current version 0.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 400.9.4)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1252.200.5){noformat}
No SASL in the dependencies anymore.
The module library for RPC authentication shows this:
{noformat}
$ otool -L libauthentication.dylib
libauthentication.dylib:
@rpath/libauthentication.dylib (compatibility version 0.0.0, current version
0.0.0)
/usr/lib/libsasl2.2.dylib (compatibility version 3.0.0, current version 3.15.0)
@rpath/libmesos.0.dylib (compatibility version 0.0.0, current version 1.7.0)
@rpath/libprocess.dylib (compatibility version 0.0.0, current version 0.0.0)
/usr/local/opt/apr/libexec/lib/libapr-1.0.dylib (compatibility version 7.0.0,
current version 7.3.0)
/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
/Users/till/Development/mesos-private/build/3rdparty/glog-0.3.3/src/glog-0.3.3-build/lib/libglog.0.dylib
(compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
/usr/local/opt/subversion/lib/libsvn_delta-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/subversion/lib/libsvn_diff-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/subversion/lib/libsvn_subr-1.0.dylib (compatibility version
1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
@rpath/libmesos-protobufs.dylib (compatibility version 0.0.0, current version
0.0.0)
/Users/till/Development/mesos-private/build/3rdparty/protobuf-3.5.0/src/protobuf-3.5.0-build/libprotobuf.dylib
(compatibility version 0.0.0, current version 0.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 400.9.4)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
1252.200.5){noformat}
So this library now drags in a hard dependency against SASL.
> Move SASL based CRAM-MD5 authentication out of libmesos.
> --------------------------------------------------------
>
> Key: MESOS-9042
> URL: https://issues.apache.org/jira/browse/MESOS-9042
> Project: Mesos
> Issue Type: Improvement
> Reporter: Till Toenshoff
> Priority: Minor
> Labels: SASL, building, deployment, modules, security
>
> We might want to reduce the hard dependencies of libmesos against third party
> libraries, simplifying deployment and speeding up load times. In case of the
> SASL based CRAM-MD5 authentication, we already have (test-)modules built
> which provide the needed services.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
