qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gordon Sim" <g...@redhat.com>
Subject Re: Review Request 38863: Add toggle to control sasl layer to proton.reactor.Container
Date Wed, 30 Sep 2015 11:27:41 GMT


> On Sept. 30, 2015, 10:25 a.m., Justin Ross wrote:
> > I know sasl_layer is what qpid jms is using, but I think sasl_enabled is better
name.  It's what I would hunt for if I wanted to turn sasl on or off.  sasl_layer is not self
evidently an on/off attribute; it looks like something that could take other values; this
is some user uncertainty we can avoid.

I would have chosen sasl_enabled as well. I guess its a question of how you weight consistency
versus prefered name. I think if the documentation is updated to include clear mention of
these options (note to self!) it mitigates disadvantages either way.


- Gordon


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38863/#review101104
-----------------------------------------------------------


On Sept. 29, 2015, 9:56 p.m., Gordon Sim wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38863/
> -----------------------------------------------------------
> 
> (Updated Sept. 29, 2015, 9:56 p.m.)
> 
> 
> Review request for qpid, Justin Ross and Ted Ross.
> 
> 
> Bugs: PROTON-1008
>     https://issues.apache.org/jira/browse/PROTON-1008
> 
> 
> Repository: qpid-proton-git
> 
> 
> Description
> -------
> 
> There is no direct and easy way to control whether a sasl layer is used or not that works
for all cases. Prior to the 0.10 release, specifying a username was the trigger to enable
sasl. However for EXTERNAL or GSSAPI that doesn't work as well. This patch proposes adding
an explicit toggle to either enable or disable the use of sasl. It is enabled by default (ANONYMOUS
is then a simple way of avoiding actual authentication if not needed), but can be disabled
at the container- or connection- level.
> 
> For consistency I've also allowec connection level overrding of the allowed_mechs and
allow_insecure_mechs options.
> 
> 
> Diffs
> -----
> 
>   proton-c/bindings/python/proton/reactor.py 8de5d89 
> 
> Diff: https://reviews.apache.org/r/38863/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Gordon Sim
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message