About external.ssf
Dave Cridland
dave at cridland.net
Thu Sep 1 06:02:41 EDT 2005
On Wed Aug 31 19:21:01 2005, Biswatosh wrote:
> Otherwise,if the mechanism is not EXTERNAL, what is
> the role of external.ssf?
Same as it always is. The external SSF is that provided by an
external layer, such as IPSec, TLS, etc.
As such, this affects the choice of mechanism - if there's a
requirement that only encrypted mechanisms should be used, then PLAIN
can still be used over TLS, for instance. The code you higlighted
enables this choice.
The EXTERNAL mechanism is simply an indicator to SASL that you're
intending to use some mechanism external to SASL. This might also be
provided by TLS via client certificates, but could be provided by the
use of UNIX domain sockets instead of TCP, as well. One can quite
easily be available without the other - TLS without a client
certificate provides an external ssf without making EXTERNAL
available, for instance, and I believe that TLS could operate with a
client certificate but without any encryption.
Dave.
More information about the Cyrus-sasl
mailing list