A simple usecase being ignored
Kari Hurtta
hurtta at leija.mh.fmi.fi
Tue Aug 24 03:41:14 EDT 2010
Dan White <dwhite at olp.net>: (Sun Aug 15 05:57:15 2010)
[ Charset ISO-8859-1 converted... ]
> On 10/08/10 08:03 +0200, Mathias Laurenz Baumann wrote:
> > Greetings,
> >
> > I plan to use sasl for a conferencing protocol. Users would register
> > using a simple registering mechanism using the protocol itself, before
> > they link themselves to their identities.
> >
> > I don't want my server to ever know the plain-text password. So I mainly
> > want to use SCRAM and SRP. The server itself takes care of storing the
> > secrets (I define a secret as something that proves that you know the
> > password).
>
> Try using a saslauthd backend that supports hashing, such as pam_unix,
> which would use a typical crypt(1) verification on the user supplied
> password. User management can then be handled outside of libsasl and would
> not require any extensions, or use of auxprop.
>
> > For this to work, a client would simply transmit the secret (not the
> > plain password- in the registering process so the server can add it
> > to its database. There are several problems in this scenario and the
> > library as it is now.
>
> If the user is sending a pregenerated value to the server, it's really a
> password either way. For instance, what happens if the secret is captured
> over the wire by an attacker?
Hmm. On SRP server does not need know plain-text password and these
values what are send to server are not usefull -- replaying them does
not help. Values depends also what server sends as challenge.
http://srp.stanford.edu/whatisit.html
> > I was very surprised to discover that these very simple usecases are so
> > difficult to realize. I assumed this would be the normal usecase.
>
> SASL mechanisms, in the protocol sense, are not really designed to get
> involved with account management or creation. You should aim for a clear
> distinction between authentication and account management (or lack thereof)
> in your protocol design.
>
> From a server implementation perspective, if you are using the Cyrus SASL
> library to implement your SASL support, you shouldn't really know or care
> how passwords are stored. That should be a security decision made by the
> system administrator via SASL config files.
>
> Augmenting auxprop, or adding addition auxprop plugins should also be a
> separate activity from your protocol design, and server implementation.
>
> --
> Dan White
More information about the Cyrus-sasl
mailing list