saslauthd and multiple mechs

Henry B. Hotz hotz at jpl.nasa.gov
Wed Jun 16 19:03:13 EDT 2010


If you go back a few years there's an exchange between Simon Wilkinson and me where he describes how to do it.  Basically you get the server's list of available mech's, try to connect, if it fails then you erase the chosen (failed) mech from the list and start over.  You stop on success or when the error returned is no available mechs.  This is programmatically more complex than the published sample code.

The opposing viewpoint (from Ken Hornstein, who also deserves respect) is that it makes everything more complex and less reliable, and you're better off just picking a single one for any given specific usage of SASL, even if your server supports more than one.

On Jun 16, 2010, at 2:24 PM, Mike Culbertson wrote:

> I'm aware that this has come up before 
> (http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2007-September/001188.html) 
> but (on Debian) the manpage for saslauthd states:
> 
> saslauthd supports one or more "authentication mechanisms"
> 
> so it's not entirely clear what the correct answer is.  Is there any way 
> at all to use multiple auth mechs, aside from doing it through PAM?
> 
> TIA
> 
> - Mike

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





More information about the Cyrus-sasl mailing list