Mapping User/Password to SASL Exchanges

Henry B. Hotz hotz at jpl.nasa.gov
Tue Jun 22 17:53:53 EDT 2010


Suppose I have a defined Java API which specifies arguments Username and Password for opening a new session.  The implementation and protocol is officially unspecified, so we can do whatever we want with those arguments.

How can/should I map between those arguments and SASL if I want to implement the real connection using SASL?  Is there any "prior art" like this?

I'm thinking that the username should map to either the authentication ID, and the "password" could be either some kind of description like MECH:[credential location] or an actual binary blob, or maybe empty (in favor of some system properties).  If someone else has defined a translation like this in a generic way, I'd like to go with that.

If it matters, the actual example is a JMS implementation.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





More information about the Cyrus-sasl mailing list