New authentication method

Alexey Melnikov alexey.melnikov at isode.com
Mon Nov 28 09:36:59 EST 2005


Joe Ammann wrote:

>Hi all
>
>I've been tasked to implement a new way of authentication for SASL, which 
>works like this: An HTTP POST request with username, cleartext password and 
>realm is passed to a webserver which either answers with an HTTP 200 response 
>(meaning authentication is ok) or an HTTP 403 response (meaning that 
>authentication failed).
>
>I have used SASL purely as an administrator until now, this is the first time 
>I looked into extending it. After reading docs and the source, I have come up 
>with the following conclusions/possibilities to tackle this task:
>
>1) An auxprop plugin is not adequate, because such a plugin would need to 
>fetch the password from somewhere and return it to SASL, which then performs 
>the verification. This does not fit the pattern at hand.
>  
>
Correct.

>2) A saslauthd mech type (like PAM or RIMAP) looks like an easy way to go, but 
>saslauthd does not seem to have a "runtime plugin concept" (with shared 
>libraries). I would need to change the source of saslauthd and replace the 
>existing binary on the machine.
>  
>
saslauthd has replaced the pwcheck daemon. So I think this is the proper 
way.

>3) The pwcheck daemon would probably be the easiest to implement, but again, 
>this would mean to replace the existing pwcheck daemon program (and also rely 
>on the fact that the SASL implementation on the system has been compiled with 
>pwcheck support)
>
>Am I correct that these are the simple options I have? Of course, I could also 
>implement a totally new pwcheck_method, or even a full plugin, but either of 
>these look too complicated to me.
>
>Before I go into more detail, I'd like to know if I overlooked something? 
>Feedback is most welcome - and as I said, this is the first time I look into 
>SASL, so I might be totally wrong with my ideas :-)
>
>CU, Joe


-- 
Alexey Melnikov
__________________________________________
Isode M-Box Message Store developer
http://www.isode.com/products/m-box.html

IETF standard related pages:
http://www.melnikov.ca/mel/devel/Links.html

Personal Home Page: http://www.melnikov.ca
__________________________________________
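
The exchange Joe describes (POST the username, password and realm, then read a 200 or 403 back), as an added example that is not part of this thread and is not Cyrus SASL or saslauthd code. The form field names, the function names, and the choice to treat every status other than 200 as a failed login are assumptions; the socket I/O is left out so the two pieces can be exercised offline.

```c
/* Added example, not Cyrus SASL code; form field names are assumptions. */
#include <ctype.h>
#include <string.h>
/* Percent-encode src into dst; returns length written or -1 if it won't fit. */
static int form_encode(const char *src, char *dst, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int safe = isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~';
        if (n + (safe ? 1 : 3) >= cap) return -1;   /* keep room for NUL */
        if (safe) { dst[n++] = (char)c; continue; }
        dst[n++] = '%';
        dst[n++] = hex[c >> 4];
        dst[n++] = hex[c & 15];
    }
    dst[n] = '\0';
    return (int)n;
}

/* Build the POST body; returns its length or -1 if out is too small. */
int build_form_body(const char *user, const char *pass, const char *realm,
                    char *out, size_t cap)
{
    const char *keys[] = { "username=", "&password=", "&realm=" };
    const char *vals[] = { user, pass, realm };
    size_t n = 0;
    for (int i = 0; i < 3; i++) {
        size_t klen = strlen(keys[i]);
        if (n + klen >= cap) return -1;
        memcpy(out + n, keys[i], klen);
        n += klen;
        int w = form_encode(vals[i], out + n, cap - n);
        if (w < 0) return -1;
        n += (size_t)w;
    }
    return (int)n;
}

/* 1 only for "HTTP/1.x 200"; 403 and all else fail closed (assumed policy). */
int status_line_is_ok(const char *line)
{
    if (strncmp(line, "HTTP/1.", 7) != 0) return 0;
    if (!isdigit((unsigned char)line[7]) || line[8] != ' ') return 0;
    if (strncmp(line + 9, "200", 3) != 0) return 0;
    return line[12] == ' ' || line[12] == '\r' || line[12] == '\n' || line[12] == '\0';
}
```

Encoding each value keeps a password containing `&` or `=` from being read by the web server as an extra form field, and the strict status-line match means a truncated or malformed reply is never taken for a successful login.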


