Writing custom authentication plugins for Cyrus SASL

Dan White dwhite at olp.net
Fri Oct 10 17:14:20 EDT 2008 

Daniel,

You have several options. I assume you've looked in to the SQL auxprop 
plugin and determined that it is not sufficient for your needs.

You can write a custom auxprop plugin to retrieve your authentication 
information from. You cannot (by design) have your auxprop plugin 
perform the actual authentication itself, but you can store usernames 
and passwords (in the clear). Auxprop plugins function like a database 
store.

You can write a custom saslauthd backend to perform the authentication. 
Saslauthd gets passed the username and password and essentially returns 
a yes or no to the server application. Stored passwords don't need to be 
in the clear and can be hashed, as long as your backend has enough 
knowledge to verify the submitted password against it. Using this 
approach limits the number of authentication mechanisms that your IMAP 
server can offer to clients. You won't be able to offer more complex 
mechanisms, such as DIGEST-MD5, that require a known shared secret.

The SQL auxprop plugin might be a good plugin to base your's on.

What information are you wanting to provide the IMAP server with regards 
to its location? The name of the mailbox?

- Dan


Daniel Corbe wrote:
> Can you quickly give me a hit of where I need to start?
>
> I simply want to be given a username and password, that I can do a 
> database query and acknowledge whether it is correct or not and then 
> provide some basic information to the IMAP server to tell it where the 
> user's INBOX is located, etc.
>
> Would I need to write a sasl server plugin or an auxprop plugin for this?
>
> -Daniel
>
> On Tue, Sep 30, 2008 at 1:28 PM, Dan White <dwhite at olp.net 
> <mailto:dwhite at olp.net>> wrote:
>
>     Daniel Corbe wrote:
>>     Hi,
>>
>>     I was wondering if anyone could point me in a general direction
>>     of writing a custom authentication plugin for SASL so I can get
>>     Cyrus IMAP working off of my custom database.
>>
>>     Thanks.
>>
>>     -Daniel
>>
>
>     There is a short SASL Plugin Programmer's Guide, located in
>     /doc/plugprog.html within the source.
>
>     - Dan
>
>

More information about the Cyrus-sasl mailing list