question about auth implementation

Eric Leblond eleblond at inl.fr
Fri May 5 17:51:06 EDT 2006


> Hello,
>
> The company I work for has been using Cyrus IMAP for several years with
no problems.  However, due to some new security policies, we have to
make some
> changes in how we're authenticating.
>
> After reading the SASL docs and examining some of the plugin code, it
appears
> to me that what I need is to be able to handle the password validation
for the
> PLAIN and LOGIN authentication methods.

For handling of external password validation, you can have a look at the
NuFW project (http://www.nufw.org)

In particular look at the sasl.c file code :
    http://nufw.org/doxygen/sasl_8c-source.html
The function userdb_checkpass does the stuff :
    http://nufw.org/doxygen/sasl_8c-source.html#l00108

For your information, NuFW is an authenticating firewall based on
Netfilter. More details on the website.

>
> I've looked at the plugin that implements the PLAIN method (code in
plugins/plain.c), and it looks like I could modify that code into a new
plugin
> that will do what I need.  However, I have been unable to find the code
that
> handles the password validation for the LOGIN auth.  I have tried modifying
> the LOGIN plugin in plugins/login.c, but as far as I can tell, it isn't
being
> used.
>
> I don't have any previous experience using SASL, so I admit that I may have
> missed something that should have been obvious.
>
> Can anyone give me a suggestion on where to go from here?    If
possible, I'd
> like to confine any coding to plugins or other external routines so that
I don't have to change any of the IMAP or SASL routines.
>
> Any information on where the implementation of the IMAP LOGIN method in the
> source would be appreciated as well.
>
> Thanks
> Dan Ellison
>
>
>


Eric Leblond
INL : http://www.inl.fr
NuFW, Now User Filtering Works (http://www.nufw.org)





More information about the Cyrus-sasl mailing list