Multiple-Mechanism Sample Code?
Henry B. Hotz
hotz at jpl.nasa.gov
Wed Jan 3 19:23:37 EST 2007
On Jan 3, 2007, at 3:03 PM, Dave Cridland wrote:
>> Unless you can tell me that there is a properly-documented API for
>> an ACAP library that's deployed on as many platforms (including
>> Java) as SASL already is, *AND* that it's no harder to write/
>> modify an application to use ACAP than it is to use SASL, then
>> I'm not interested. Sorry. You're welcome to try to convince
>> me, but it sounds off-topic for this list.
> ACAP is merely an example of a protocol that got the SASL profile
> right, not a replacement for SASL. It does the full range of
> signalling required, so you know what to do on failure, and it also
> handles both initial responses and data on success, to drop the
> round-trip count.
OK, I'll consider it an example to look at (once I have the basics I
already understand done).
>> In my current experiments Cyrus SASL doesn't appear to work when
>> you call sasl_client_start() with the second mechanism to try.
>> There are a lot of variables here, and a better-than-even chance
>> the problem is in my code, not the library. Once I have
>> something properly working I'll revisit this issue. I gather
>> you're claiming that ACAP solves this (and other) problems. See
>> above.
> No, sasl_client_new() is once per connection. sasl_client_start()
> is once per authentication attempt. <sasl/sasl.h> has some useful
> documentation, look for "Basic client model".
Saw that. It's the only documentation I found that even partly
covered how to try multiple mechanisms. At least for my (lack of)
experience, it wasn't adequate for my first attempt. I've since
gotten an outline from Simon W. which is more apropos.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Cyrus-sasl
mailing list