diff options
author | Damien Diederen <dd@crosstwine.com> | 2020-01-22 12:53:55 +0100 |
---|---|---|
committer | Norbert Kalmar <nkalmar@apache.org> | 2020-01-22 12:53:55 +0100 |
commit | c234848caef0cc920f19befd1b0b14251b17da92 (patch) | |
tree | 828dd02cca71dab3376e1c82753649cc941a975a /README_packaging.md | |
parent | b7dd0e49c5b25fffc1be8e619a3164bc680ef8bd (diff) | |
download | zookeeper-c234848caef0cc920f19befd1b0b14251b17da92.tar.gz |
ZOOKEEPER-1112: Add (Cyrus) SASL authentication support to C client library
This is a "respin" of https://github.com/apache/zookeeper/pull/1054, which I withdrew due to some annoying shortcomings.
This changeset allows C clients to use SASL to authenticate with the ZooKeeper server. It is loosely based on patches #1 and #2 by Tom Klonikowski, at https://reviews.apache.org/r/2252/, but the result has been extensively reworked to follow the semantics of the Java client:
* No SASL operations are exposed through the API;
* The configuration is provided, and stored, at "handle init time";
* SASL authentication is automatically performed after each (re)connect.
It introduces an optional dependency on the Cyrus SASL library, which can either be autodetected (default) or configured using the `--without-sasl`/`--with-sasl[=DIR]` flags, or -DWITH_CYRUS_SASL for CMake/Windows.
`TestServerRequireClientSASLAuth.cc` has been renamed to `TestSASLAuth.cc`, and a test has been added which successfully (re)authenticates using the `DIGEST-MD5` mechanism. The code has also been used to successfully authenticate clients via `GSSAPI`/Kerberos.
This commit also adds SASL support to the `cli.c` client.
Co-authored-by: Tom Klonikowski <klonik_tinformatik.haw-hamburg.de>
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Mate Szalay-Beko <szalay.beko.mate@gmail.com>, Norbert Kalmar <nkalmar@apache.org>
Closes #1134 from ztzg/ZOOKEEPER-1112-c-client-sasl-support-v2
Diffstat (limited to 'README_packaging.md')
-rw-r--r-- | README_packaging.md | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/README_packaging.md b/README_packaging.md index b290dd9f9..5c9da96ee 100644 --- a/README_packaging.md +++ b/README_packaging.md @@ -9,7 +9,7 @@ http://bigtop.apache.org/ ## Requirements - you need maven to build the java code -- gcc, cppunit, openssl and python-setuptools are required to build C and python bindings. (only needed when using `-Pfull-build`) +- gcc, cppunit, openssl and python-setuptools are required to build C and python bindings (only needed when using `-Pfull-build`). Cyrus SASL is optional, but recommended for a maximally functional client. On RHEL machine: @@ -17,6 +17,7 @@ On RHEL machine: yum install cppunit yum install python-setuptools yum install openssl openssl-devel +yum install cyrus-sasl-md5 cyrus-sasl-gssapi cyrus-sasl-devel ``` On Ubuntu: @@ -25,6 +26,7 @@ On Ubuntu: apt-get install cppunit apt-get install python-setuptools apt-get install openssl libssl-dev +apt-get install libsasl2-modules-gssapi-mit libsasl2-modules libsasl2-dev ``` @@ -63,7 +65,9 @@ Optional parameters you might consider when using maven: Use `-Dc-client-openssl=no` to explicitly disable SSL feature in C client. Or use `-Dc-client-openssl=/path/to/openssl/` if you want to use a non-default / specific openssl library location. - +- `-Dc-client-sasl` - specify SASL support and Cyrus SASL 1.x library location. Works similarly to the + `c-client-openssl` flag above (`yes`, `no`, or path). + Please note: if you don't provide the `-Pfull-build` parameter, then the C client will not be built, the C client tests will not be executed and the previous C client builds will no be cleaned up (e.g. with simply using `mvn clean`). |