Mapping User/Password to SASL Exchanges

Henry B. Hotz hotz at jpl.nasa.gov
Tue Jun 22 19:20:13 EDT 2010


On Jun 22, 2010, at 2:53 PM, Henry B. Hotz wrote:

> Suppose I have a defined Java API which specifies arguments Username and Password for opening a new session.  The implementation and protocol is officially unspecified, so we can do whatever we want with those arguments.
> 
> How can/should I map between those arguments and SASL if I want to implement the real connection using SASL?  Is there any "prior art" like this?
> 
> I'm thinking that the username should map to either the authentication ID, and the "password"

Should say:  "username should map to the authorization ID".

> could be either some kind of description like MECH:[credential location] or an actual binary blob, or maybe empty (in favor of some system properties).  If someone else has defined a translation like this in a generic way, I'd like to go with that.
> 
> If it matters, the actual example is a JMS implementation.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





More information about the Cyrus-sasl mailing list