Windows Interop

Kai Blin blin at gmx.net
Fri Jan 12 18:23:23 EST 2007


On Friday 12 January 2007 06:41, Henry B. Hotz wrote:
> On Jan 11, 2007, at 2:03 PM, Kai Blin wrote:
> > On Thursday 11 January 2007 19:42, Henry B. Hotz wrote:
> >> Windows does have a SASL API.  It's layered on top of the SSPI, and
> >> msdn documents the calls themselves.  I would assume that they work,
> >> at least for email clients.
> >
> > Are there any apps out there that use this at all? As far as I can
> > tell, SSPI
> > itself is only used by a handful of applications. The SASL api
> > seems to be
> > quite new, and used on server platforms only.
>
> No fair, I was asking you that!! ;-)
>ut 
> Can you even tell from the doc's if it's a client or server API? 

Well, it has SaslAcceptSecurityContext, which according to the docs wraps 
AcceptSecurityContext, which is the function the server calls to authenticate 
the client. There's also SaslInitializeSecurityContext, which is the function 
the client calls to generate the auth request and to handle the auth  
challenges the server sends. But in the case of forwarded credentials, a 
server could call that, too.

Looking at the "Requirements", it only lists "Server: Requires Windows Server 
"Longhorn", Windows Server 2003, or Windows 2000 Server."

Usually, it also lists clients there, but there's no such listing for the 
Sasl* functions. If we're willing to trust MSDN in that aspect, I'd say it's 
a server side api.

> As to the SSPI, I thought that IE/IIS use it.

To my knowlede, it's used by IIS and the MS Proxy server to authenticate 
users, so IE uses it, too. MS Exchange uses it, so MS Outlook uses it, too. 
MS SQL server uses it, as does some distributed build plugin for Visual 
Studio. Those are the only use cases I know of so far, apart from a couple of 
demo apps. Only the Visual Studio plugin was not written by Microsoft. I 
would say that SSPI is pretty much an in-house API.

> Have you seen any email apps that use the API?  That's the use I
> would expect.

MS Outlook does not use it. I'm certain on that one, as I've spent my summer 
helping to get Outlook networking to work in Wine. IE doesn't use it either, 
for all I know. As MSDN hints that this is a server side API, maybe one of 
the server apps uses it, but I'd even doubt that.

Cheers,
Kai

-- 
Kai Blin, <blin At gmx Dot net>
WorldForge developer    http://www.worldforge.org/
Wine developer          http://wiki.winehq.org/KaiBlin/
--
Ninjas and Pirates agree: Cowboys suck!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20070113/c6852beb/attachment.bin


More information about the Cyrus-sasl mailing list