S22.Sasl icon indicating copy to clipboard operation
S22.Sasl copied to clipboard

Published 20 hours ago verified publisher icon smiley22

Adjustments & fixes enabling ZooKeeper DIGEST-MD5 authentication

Open ztzg opened this issue 5 years ago • 3 comments

Hi @smiley22,

I have recently opened https://github.com/ewhauser/zookeeper/pull/38#issue-343389842 which adds initial SASL support to @ewhauser's pure .NET ZooKeeper client.

I used your implementation of DIGEST-MD5 to test it, and encountered a few interoperability issues which are fixed by the attached patches.

Would you be willing to pull them?

On a related note, it would be great to have GSSAPI support. I have found https://github.com/SteveSyfuhs/Kerberos.NET/issues/9, which is very interesting and promising, but still seems to be missing some pieces:

SASL would be relatively straightforward to build out, though it's not clear how that would tie into GSS APIs.

There is also the possibility of using the MIT Kerberos implementation, for which https://github.com/SIGAN/gssapi already contains P/Invoke stubs. (I don't think it is complete enough for SASL support, but it should be possible to add the missing APIs.)

What do you think?

ztzg avatar Nov 20 '19 15:11 ztzg

Hi @smiley22,

Any interest in this patch?

Cheers, -D

ztzg avatar Dec 11 '19 10:12 ztzg

The commits were tested by me, it worked & fixed the DIGEST-MD5 authentication! thank you @ztzg

Great! You're welcome.

ztzg avatar May 11 '20 19:05 ztzg

Dear @ztzg: Can you look for have more security?

DIGEST-MD5 is obsolete and replaced by SCRAM: https://github.com/smiley22/S22.Sasl/issues/4

Can you help?

Thanks in advance.

Neustradamus avatar Nov 12 '20 09:11 Neustradamus