RE: [sqlalchemy] Kerberos authentication with sybase
I think it you want to make it flexible there should be a dictionary or a two-dimensional list specifying which options should be set, so in case of kerberos it would have two elements. Unfortunatelly these options cannot be specified for the connect() function of python-sybase. the goal here is so that the options can all be embedded in the URL at least as key/value pairs. How would the Sybase.XXX symbols be embedded ? The biggest problem here is the serialization of those values to string and de-serializing them when sqlalchemy sets them to python-sybase. It could be ok if we would know the type of the property but as far as I see it cannot be introspected from the sybase library. We could have an algorithm serializing/deserializing the value: - if it's starting with CS_, we use it as the name of the variable in the Sybase module - if we can convert it to an integer we use it as an integer - otherwise we use it as string specified Based on the above, my kerberos connection url would be the following (missing username+pw in this case): sybase+pysybase://hostname/?CS_SEC_NETWORKAUTH=CS_TRUECS_SEC_SERVERPRINCIPAL=sybase/some_host It's just an idea, I don't know how it could fit into the design of sqlalchemy. Zsolt -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
Re: [sqlalchemy] Kerberos authentication with sybase
On Jun 15, 2010, at 9:13 AM, Cserna, Zsolt wrote: I think it you want to make it flexible there should be a dictionary or a two-dimensional list specifying which options should be set, so in case of kerberos it would have two elements. Unfortunatelly these options cannot be specified for the connect() function of python-sybase. the goal here is so that the options can all be embedded in the URL at least as key/value pairs. How would the Sybase.XXX symbols be embedded ? The biggest problem here is the serialization of those values to string and de-serializing them when sqlalchemy sets them to python-sybase. It could be ok if we would know the type of the property but as far as I see it cannot be introspected from the sybase library. We could have an algorithm serializing/deserializing the value: - if it's starting with CS_, we use it as the name of the variable in the Sybase module - if we can convert it to an integer we use it as an integer - otherwise we use it as string specified Based on the above, my kerberos connection url would be the following (missing username+pw in this case): sybase+pysybase://hostname/?CS_SEC_NETWORKAUTH=CS_TRUECS_SEC_SERVERPRINCIPAL=sybase/some_host It's just an idea, I don't know how it could fit into the design of sqlalchemy. we can do whatever we want, this would all be local to the python-sybase dialect. The above is sort of like what I was thinking. Zsolt -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
RE: [sqlalchemy] Kerberos authentication with sybase
Behind the scenes the c library calls ct_con_props C function: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.mainframeconnect_12.6.occprc/html/occprc/X38419.htm You can find the properties at: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.mainframeconnect_12.6.occprc/html/occprc/occprc46.htm And at: http://infocenter.sybase.com/help/topic/com.sybase.help.sdk_12.5.1.ctref/html/ctref/X29866.htm I think it you want to make it flexible there should be a dictionary or a two-dimensional list specifying which options should be set, so in case of kerberos it would have two elements. Unfortunatelly these options cannot be specified for the connect() function of python-sybase. Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Friday, June 11, 2010 17:07 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase On Jun 11, 2010, at 4:50 AM, Cserna, Zsolt wrote: The DBAPI is python-sybase (http://python-sybase.sourceforge.net/). Here is an example: conn = Sybase.connect(hostname, , , delay_connect=1) conn.set_property(Sybase.CS_SEC_NETWORKAUTH, Sybase.CS_TRUE) conn.set_property(Sybase.CS_SEC_SERVERPRINCIPAL, principal) conn.connect() The variable principal would come from connection string. OK that is fine, is the above part of some larger pattern of connection styles ? like is there some other series of things I can do ater setting NETWORKAUTH to TRUE , other options ? if we want to make a feature out of this, it would be best to suit the whole range of use cases. Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Thursday, June 10, 2010 15:58 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase if you want to show me how that's done with your DBAPI (what DBAPI is this?), sure, though if its something that you pass in via **kw to DBAPI.connect(), you can already do that by passing connect_args to create_engine(), or adding them onto the querystring db://...?foo=bar. On Jun 10, 2010, at 9:10 AM, Cserna, Zsolt wrote: Hi all, Is there any plan to add kerberos authentication to the sybase engine in sqlalchemy? I've implemented it but it's using the creator parameter of the create_engine function, which is ok, but in certain circumstances when the application using sqlalchemy uses configuration from a text file, I'm not able to do it easily (in pylons I need to modify my templates, or add a bunch of code to each project). It would be nice if sqlalchemy would be able to accept the server's principal specified in the connection string somehow - and if it's specified use kerberos to authenticate the client. Is it possible to implement this modification in sqlalchemy? I'm happy to contribute my current implementation. Thanks, Zsolt - - NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed
Re: [sqlalchemy] Kerberos authentication with sybase
On Jun 14, 2010, at 5:16 AM, Cserna, Zsolt wrote: Behind the scenes the c library calls ct_con_props C function: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.mainframeconnect_12.6.occprc/html/occprc/X38419.htm You can find the properties at: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.mainframeconnect_12.6.occprc/html/occprc/occprc46.htm And at: http://infocenter.sybase.com/help/topic/com.sybase.help.sdk_12.5.1.ctref/html/ctref/X29866.htm I think it you want to make it flexible there should be a dictionary or a two-dimensional list specifying which options should be set, so in case of kerberos it would have two elements. Unfortunatelly these options cannot be specified for the connect() function of python-sybase. the goal here is so that the options can all be embedded in the URL at least as key/value pairs. How would the Sybase.XXX symbols be embedded ? Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Friday, June 11, 2010 17:07 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase On Jun 11, 2010, at 4:50 AM, Cserna, Zsolt wrote: The DBAPI is python-sybase (http://python-sybase.sourceforge.net/). Here is an example: conn = Sybase.connect(hostname, , , delay_connect=1) conn.set_property(Sybase.CS_SEC_NETWORKAUTH, Sybase.CS_TRUE) conn.set_property(Sybase.CS_SEC_SERVERPRINCIPAL, principal) conn.connect() The variable principal would come from connection string. OK that is fine, is the above part of some larger pattern of connection styles ? like is there some other series of things I can do ater setting NETWORKAUTH to TRUE , other options ? if we want to make a feature out of this, it would be best to suit the whole range of use cases. Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Thursday, June 10, 2010 15:58 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase if you want to show me how that's done with your DBAPI (what DBAPI is this?), sure, though if its something that you pass in via **kw to DBAPI.connect(), you can already do that by passing connect_args to create_engine(), or adding them onto the querystring db://...?foo=bar. On Jun 10, 2010, at 9:10 AM, Cserna, Zsolt wrote: Hi all, Is there any plan to add kerberos authentication to the sybase engine in sqlalchemy? I've implemented it but it's using the creator parameter of the create_engine function, which is ok, but in certain circumstances when the application using sqlalchemy uses configuration from a text file, I'm not able to do it easily (in pylons I need to modify my templates, or add a bunch of code to each project). It would be nice if sqlalchemy would be able to accept the server's principal specified in the connection string somehow - and if it's specified use kerberos to authenticate the client. Is it possible to implement this modification in sqlalchemy? I'm happy to contribute my current implementation. Thanks, Zsolt - - NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit
RE: [sqlalchemy] Kerberos authentication with sybase
The DBAPI is python-sybase (http://python-sybase.sourceforge.net/). Here is an example: conn = Sybase.connect(hostname, , , delay_connect=1) conn.set_property(Sybase.CS_SEC_NETWORKAUTH, Sybase.CS_TRUE) conn.set_property(Sybase.CS_SEC_SERVERPRINCIPAL, principal) conn.connect() The variable principal would come from connection string. Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Thursday, June 10, 2010 15:58 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase if you want to show me how that's done with your DBAPI (what DBAPI is this?), sure, though if its something that you pass in via **kw to DBAPI.connect(), you can already do that by passing connect_args to create_engine(), or adding them onto the querystring db://...?foo=bar. On Jun 10, 2010, at 9:10 AM, Cserna, Zsolt wrote: Hi all, Is there any plan to add kerberos authentication to the sybase engine in sqlalchemy? I've implemented it but it's using the creator parameter of the create_engine function, which is ok, but in certain circumstances when the application using sqlalchemy uses configuration from a text file, I'm not able to do it easily (in pylons I need to modify my templates, or add a bunch of code to each project). It would be nice if sqlalchemy would be able to accept the server's principal specified in the connection string somehow - and if it's specified use kerberos to authenticate the client. Is it possible to implement this modification in sqlalchemy? I'm happy to contribute my current implementation. Thanks, Zsolt -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
Re: [sqlalchemy] Kerberos authentication with sybase
On Jun 11, 2010, at 4:50 AM, Cserna, Zsolt wrote: The DBAPI is python-sybase (http://python-sybase.sourceforge.net/). Here is an example: conn = Sybase.connect(hostname, , , delay_connect=1) conn.set_property(Sybase.CS_SEC_NETWORKAUTH, Sybase.CS_TRUE) conn.set_property(Sybase.CS_SEC_SERVERPRINCIPAL, principal) conn.connect() The variable principal would come from connection string. OK that is fine, is the above part of some larger pattern of connection styles ? like is there some other series of things I can do ater setting NETWORKAUTH to TRUE , other options ? if we want to make a feature out of this, it would be best to suit the whole range of use cases. Zsolt -Original Message- From: sqlalchemy@googlegroups.com [mailto:sqlalch...@googlegroups.com] On Behalf Of Michael Bayer Sent: Thursday, June 10, 2010 15:58 To: sqlalchemy@googlegroups.com Subject: Re: [sqlalchemy] Kerberos authentication with sybase if you want to show me how that's done with your DBAPI (what DBAPI is this?), sure, though if its something that you pass in via **kw to DBAPI.connect(), you can already do that by passing connect_args to create_engine(), or adding them onto the querystring db://...?foo=bar. On Jun 10, 2010, at 9:10 AM, Cserna, Zsolt wrote: Hi all, Is there any plan to add kerberos authentication to the sybase engine in sqlalchemy? I've implemented it but it's using the creator parameter of the create_engine function, which is ok, but in certain circumstances when the application using sqlalchemy uses configuration from a text file, I'm not able to do it easily (in pylons I need to modify my templates, or add a bunch of code to each project). It would be nice if sqlalchemy would be able to accept the server's principal specified in the connection string somehow - and if it's specified use kerberos to authenticate the client. Is it possible to implement this modification in sqlalchemy? I'm happy to contribute my current implementation. Thanks, Zsolt -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
Re: [sqlalchemy] Kerberos authentication with sybase
if you want to show me how that's done with your DBAPI (what DBAPI is this?), sure, though if its something that you pass in via **kw to DBAPI.connect(), you can already do that by passing connect_args to create_engine(), or adding them onto the querystring db://...?foo=bar. On Jun 10, 2010, at 9:10 AM, Cserna, Zsolt wrote: Hi all, Is there any plan to add kerberos authentication to the sybase engine in sqlalchemy? I've implemented it but it's using the creator parameter of the create_engine function, which is ok, but in certain circumstances when the application using sqlalchemy uses configuration from a text file, I'm not able to do it easily (in pylons I need to modify my templates, or add a bunch of code to each project). It would be nice if sqlalchemy would be able to accept the server's principal specified in the connection string somehow - and if it's specified use kerberos to authenticate the client. Is it possible to implement this modification in sqlalchemy? I'm happy to contribute my current implementation. Thanks, Zsolt -- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en. -- You received this message because you are subscribed to the Google Groups sqlalchemy group. To post to this group, send email to sqlalch...@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.