Password accessing in CRAM-MD5 authentication

Alexey Melnikov alexey.melnikov at isode.com
Wed Feb 14 16:39:57 EST 2007


Denis Malyshkin wrote:

>Hello Alexey,
>
>Wednesday, February 7, 2007, 11:50:11 PM, Alexey Melnikov wrote:
>
>>>Does SASL 2 use another way for the caller-supplied database for
>>>the CRAM-MD5 mechanism?
>
>AM> Yes. You should write your own auxprop plugin. Look at plugins/sasldb.c
>AM> (or plugins/sql.c) for an example.
>
>  Thanks a lot. It works!
>
>  But I have two other questions:
>
>1. My application is written in C++, so it can have multiple
>"SMTP-Server" objects at run-time. SASL plugins have only one "void *"
>parameter, which is used in global plugin initialization. How can I
>associate different user/password databases with different servers
>(different class instances in one application)?
>
The best you can get with the current API is having multiple instances 
of the same plugin, each creating a different instance of your class.

>2. Also, we use the library 'libetpan' and we need to encapsulate both
>server and client in one application. But 'libetpan' often calls
>sasl_client_init()/sasl_done(). After sasl_done(), the SASL server part
>is also terminated. Do you have any suggestions in that case? How
>should the client completely terminate his SASL session without
>interfering with server sessions?
>
There is a patch to Cyrus SASL that can do proper reference counting. 
E.g. if an application calls both sasl_client_init and sasl_server_init, 
it will have to call sasl_done twice. And only the second call to 
sasl_done will destroy internal objects.

Rob Siemborski didn't want to integrate it, because he was worried that 
this would break existing applications, which expect the current 
(broken) behavior.
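
The two teardown behaviours discussed in this thread, as an added model that is neither Cyrus SASL code nor the patch mentioned above. The `lib_state` struct and all `model_*` names are hypothetical; the scenario is one long-lived server plus a client library that repeatedly initializes and shuts down.

```c
/* Model only: not Cyrus SASL source and not the patch from the thread.
 * All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct lib_state {
    int  refs;          /* init calls not yet matched by a done call */
    bool client_ready;  /* client-side globals allocated */
    bool server_ready;  /* server-side globals allocated */
};

static void model_client_init(struct lib_state *s) { s->refs++; s->client_ready = true; }
static void model_server_init(struct lib_state *s) { s->refs++; s->server_ready = true; }

/* Behaviour described in the thread: any done call tears down both sides. */
static void model_done_current(struct lib_state *s)
{
    s->refs = 0;
    s->client_ready = s->server_ready = false;
}

/* Reference-counted behaviour: only the call that drops the count to zero
 * destroys shared state; unmatched extra calls are ignored. */
static void model_done_refcounted(struct lib_state *s)
{
    if (s->refs > 0 && --s->refs == 0)
        s->client_ready = s->server_ready = false;
}

/* One server init, then `cycles` client init/done pairs (the libetpan
 * pattern). Returns true if the server side is still usable afterwards. */
static bool server_survives(void (*done)(struct lib_state *), int cycles)
{
    struct lib_state s = {0, false, false};
    model_server_init(&s);
    for (int i = 0; i < cycles; i++) {
        model_client_init(&s);
        done(&s);
    }
    return s.server_ready;
}

int main(void)
{
    printf("current:    server survives = %d\n", server_survives(model_done_current, 3));
    printf("refcounted: server survives = %d\n", server_survives(model_done_refcounted, 3));
    return 0;
}
```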


