question about auth implementation
Eric Leblond
eleblond at inl.fr
Fri May 5 17:51:06 EDT 2006
> Hello,
>
> The company I work for has been using Cyrus IMAP for several years with
no problems. However, due to some new security policies, we have to
make some
> changes in how we're authenticating.
>
> After reading the SASL docs and examining some of the plugin code, it
appears
> to me that what I need is to be able to handle the password validation
for the
> PLAIN and LOGIN authentication methods.
For handling of external password validation, you can have a look at the
NuFW project (http://www.nufw.org)
In particular look at the sasl.c file code :
http://nufw.org/doxygen/sasl_8c-source.html
The function userdb_checkpass does the stuff :
http://nufw.org/doxygen/sasl_8c-source.html#l00108
For your information, NuFW is an authenticating firewall based on
Netfilter. More details on the website.
>
> I've looked at the plugin that implements the PLAIN method (code in
plugins/plain.c), and it looks like I could modify that code into a new
plugin
> that will do what I need. However, I have been unable to find the code
that
> handles the password validation for the LOGIN auth. I have tried modifying
> the LOGIN plugin in plugins/login.c, but as far as I can tell, it isn't
being
> used.
>
> I don't have any previous experience using SASL, so I admit that I may have
> missed something that should have been obvious.
>
> Can anyone give me a suggestion on where to go from here? If
possible, I'd
> like to confine any coding to plugins or other external routines so that
I don't have to change any of the IMAP or SASL routines.
>
> Any information on where the implementation of the IMAP LOGIN method in the
> source would be appreciated as well.
>
> Thanks
> Dan Ellison
>
>
>
Eric Leblond
INL : http://www.inl.fr
NuFW, Now User Filtering Works (http://www.nufw.org)
More information about the Cyrus-sasl
mailing list