Password accessing in CRAM-MD5 authentication

Alexey Melnikov alexey.melnikov at isode.com
Wed Feb 7 12:50:11 EST 2007


Denis Malyshkin wrote:

>Hello,
>
>  I'm writing an SMTP-server application that maintain its own
>user/password database. How can I use Cyrus-SASL with my application
>for CRAM-MD5 (DIGEST-MD5 and so on) authentication ?
>
>  For PLAIN & LOGIN mechanisms Cyrus-SASL has a callback
>sasl_server_userdb_checkpass_t which allows to check username &
>password agains the caller-supplied database.
>
>  I think, another callback, which gets an username (and, possible, a
>realm) and return plain-text password back to the SASL engine, will be
>appropriate for my needs.
>
> An hour later:
>  I found that SASL 1 had sasl_server_getsecret_t callback which did
>something like I need.  Why was this callback removed in SASL 2 ?
>  
>
I am afraid I don't know the answer to this.

>Does SASL 2 use another way for the caller-supplied database for
>CRAM-MD5 mechanism ?
>
Yes. You should write your own auxprop plugin. Look at plugins/sasldb.c 
(or plugins/sql.c) for an example.

>  I would be very appreciative of examples or any
>hints.
>  
>



More information about the Cyrus-sasl mailing list