Writing custom authentication plugins for Cyrus SASL
dwhite at olp.net
Fri Oct 10 17:14:20 EDT 2008
You have several options. I assume you've looked in to the SQL auxprop
plugin and determined that it is not sufficient for your needs.
You can write a custom auxprop plugin to retrieve your authentication
information from. You cannot (by design) have your auxprop plugin
perform the actual authentication itself, but you can store usernames
and passwords (in the clear). Auxprop plugins function like a database
You can write a custom saslauthd backend to perform the authentication.
Saslauthd gets passed the username and password and essentially returns
a yes or no to the server application. Stored passwords don't need to be
in the clear and can be hashed, as long as your backend has enough
knowledge to verify the submitted password against it. Using this
approach limits the number of authentication mechanisms that your IMAP
server can offer to clients. You won't be able to offer more complex
mechanisms, such as DIGEST-MD5, that require a known shared secret.
The SQL auxprop plugin might be a good plugin to base your's on.
What information are you wanting to provide the IMAP server with regards
to its location? The name of the mailbox?
Daniel Corbe wrote:
> Can you quickly give me a hit of where I need to start?
> I simply want to be given a username and password, that I can do a
> database query and acknowledge whether it is correct or not and then
> provide some basic information to the IMAP server to tell it where the
> user's INBOX is located, etc.
> Would I need to write a sasl server plugin or an auxprop plugin for this?
> On Tue, Sep 30, 2008 at 1:28 PM, Dan White <dwhite at olp.net
> <mailto:dwhite at olp.net>> wrote:
> Daniel Corbe wrote:
>> I was wondering if anyone could point me in a general direction
>> of writing a custom authentication plugin for SASL so I can get
>> Cyrus IMAP working off of my custom database.
> There is a short SASL Plugin Programmer's Guide, located in
> /doc/plugprog.html within the source.
> - Dan
More information about the Cyrus-sasl