GSSAPI naming extensions
Howard Chu
hyc at highlandsun.com
Sun May 9 21:26:40 EDT 2010
I'm looking at how to utilize some of the APIs in this draft
http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-06
with SASL. My preference was to provide SASL versions of gss_inquire_name()
and gss_get_name_attribute(), so that apps using SASL don't need to call
directly into the underlying GSS API. But alternatively, I could just
implement sasl_getprop(SASL_GSS_PEER_NAME) and make the app do the gss calls
itself. Any suggestions?
Proposed wrappers would be
sasl_nameprop_list(sasl_conn_t *conn, char **propnames)
-> return the list of available attributes using gss_inquire()
sasl_nameprop_request(sasl_conn_t *conn,
const char *propname,
int *authenticated,
int *complete,
void **value,
unsigned *value_length,
char **display_value,
int *more)
-> iterate thru gss_get_name_attribute().
This would require adding the corresponding entry points to the
sasl_server_plug_t.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Cyrus-sasl
mailing list