GSSAPI naming extensions

Alexey Melnikov alexey.melnikov at isode.com
Thu Jun 10 06:01:16 EDT 2010


Howard Chu wrote:

> I'm looking at how to utilize some of the APIs in this draft
>  http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-06
> with SASL. My preference was to provide SASL versions of 
> gss_inquire_name() and gss_get_name_attribute(), so that apps using 
> SASL don't need to call directly into the underlying GSS API. But 
> alternatively, I could just implement sasl_getprop(SASL_GSS_PEER_NAME) 
> and make the app do the gss calls itself. Any suggestions?
>
> Proposed wrappers would be
>
> sasl_nameprop_list(sasl_conn_t *conn, char **propnames)
>   -> return the list of available attributes using gss_inquire()
>
> sasl_nameprop_request(sasl_conn_t *conn,
>      const char *propname,
>      int *authenticated,
>      int *complete,
>      void **value,
>      unsigned *value_length,
>      char **display_value,
>      int *more)
>   -> iterate thru gss_get_name_attribute().
>
> This would require adding the corresponding entry points to the 
> sasl_server_plug_t.

After thinking a bit more about this, I think this is sensible.

You would also need to bump the SASL plugin version number (in saslplug.h):

#define SASL_SERVER_PLUG_VERSION ...
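
An added example, not part of the original message or of Cyrus SASL: a caller iterating the proposed `sasl_nameprop_request()` and keeping only values flagged as authenticated, so that unverified attributes never reach an authorization decision. The wrapper body is a mock over constructed data; the 0/-1 return codes, the `more` convention (start at -1, non-zero while values remain, as with `gss_get_name_attribute()`), the attribute name and the `trusted_values()` helper are all assumptions.

```c
#include <string.h>

typedef struct sasl_conn sasl_conn_t;  /* opaque stand-in for the libsasl type */

/* Constructed sample data: three values of one attribute, one unverified. */
static const struct { const char *name, *value; int authenticated; } sample[] = {
    { "urn:example:group", "admins",   1 },
    { "urn:example:group", "staff",    1 },
    { "urn:example:group", "auditors", 0 },  /* asserted, not authenticated */
};
#define NSAMPLE ((int)(sizeof sample / sizeof sample[0]))

static int next_match(const char *name, int from)
{
    for (int i = from; i < NSAMPLE; i++)
        if (strcmp(sample[i].name, name) == 0) return i;
    return -1;
}

/* Mock of the proposed wrapper (hypothetical semantics): returns 0 on success,
 * -1 if the attribute is absent; *more carries the next index, 0 when done. */
static int sasl_nameprop_request(sasl_conn_t *conn, const char *propname,
        int *authenticated, int *complete, void **value,
        unsigned *value_length, char **display_value, int *more)
{
    int i = next_match(propname, *more < 0 ? 0 : *more), n;
    (void)conn;
    if (i < 0) { *more = 0; return -1; }
    *authenticated = sample[i].authenticated;
    *complete = 1;
    *value = (void *)sample[i].value;
    *value_length = (unsigned)strlen(sample[i].value);
    *display_value = (char *)sample[i].value;
    n = next_match(propname, i + 1);
    *more = n < 0 ? 0 : n;
    return 0;
}

/* Caller side: collect only authenticated values; fail closed on any error. */
int trusted_values(sasl_conn_t *conn, const char *propname,
                   const char **out, int max)
{
    int count = 0, more = -1;
    do {
        int authn = 0, complete = 0; void *val = NULL;
        unsigned len = 0; char *disp = NULL;
        if (sasl_nameprop_request(conn, propname, &authn, &complete,
                                  &val, &len, &disp, &more) != 0)
            return -1;
        if (authn && count < max) out[count++] = (const char *)val;
    } while (more != 0);
    return count;
}
```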


