Full SASL authentication/encryption capability for the Python client was
added to the trunk at revision 834975.
A new Python module "qpidsasl" implemented in C++ and wrapped for Python
using Swig was introduced. This wrapper provides a generalized binding
to the Cyrus SASL library. The Python client tries to import this
module. If it cannot find it, it will revert to built-in capability
that only provides ANONYMOUS and PLAIN authentication mechanisms.
This module will be built under the "cpp" build if the python-devel and
swig packages are present on the development system. To use it, your
PYTHONPATH must provide access to the following files (or those files
need to be copied to where the PYTHONPATH can reach them):
$(build_dir)/bindings/sasl/python/qpidsasl.py
$(build_dir)/bindings/sasl/.libs/_qpidsasl.so
The following library is also built (it contains the C++ implemented
SASL wrapper):
$(build_dir)/bindings/sasl/.libs/libsaslwrapper.so
When creating the Connection object, you may supply the "mechanism"
argument with a space-separated list of acceptable authentication
mechanisms. If this argument is left to the default value of None
(recommended), the SASL library will pick the best available mechanism
for you.
For Kerberos5 single-sign-on, the GSSAPI mechanism is used.
Some notes/caveats:
This is not yet hooked into the newer qpid.messaging API.
This is not built under CMake yet.
This implementation is specific to Linux/Unix. It is possible that a
Windows implementation of the wrapper can be developed.
SASL EXTERNAL (i.e. use of SSL/TLS client certificates) is not yet
supported. This will be forthcoming.
Note also that I intend to add a Ruby binding to this module and move
the Ruby client to it. Ruby already has this capability but using the
same one that python uses will reduce future support headaches.
-Ted
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscr...@qpid.apache.org
