Fwd: SASL Server Plugin

Mathew iprocessor i9processor at gmail.com
Wed Nov 21 03:53:48 EST 2012


Hi Dan,

Thanks a lot for your reply. I dont need to implement a email server. I
just need to wirte my own mechanism just like PLAIN. For this I renamed
mech name to something like "sample-mech" and compiled it added the
corresponding .so files in /usr/lib64/sasl2. I gave the command
"sasl2-shared-mechlist" i get Available mechanisms: sample-mech. *Everything
is ok till now.*

A small change I tried the above editing plain.c and the below explanation
is about my own file (sample-mech.c).

*I tried creating a sample-mech.c and compiled it and copied the .so file
to /usr/lib64/sasl2, now when I give the command "sasl2-shared-mechlist".
Now the mechanism name is not getting listed as above. What might be the
reason for this? Do I need to  anything extra while adding a mechanism like
this? *Please suggest..!




On Tue, Nov 20, 2012 at 11:02 AM, Dan White <dwhite at olp.net> wrote:

> On 11/20/12 10:20 +0530, Mathew iprocessor wrote:
>
>> Hi,
>>
>> I need to implement SASL in my email client. I downloaded Cyrus-SASL and
>> installed it. When the client sends the "UserName" and "Password", my
>> server needs to verify the "UserName" and "Password" and Authenticate it.
>> The below are some of my doubts, Please clarify.
>>
>
> See:
> http://www.cyrussasl.org/docs/**cyrus-sasl/2.1.25/programming.**php<http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/programming.php>
>
> Within your email client, after you have captured the user's username and
> password, you provide a callback to libsasl2 in which you provide that
> information to the library, and you will not need to know the details of
> how each of the existing mechanisms are implemented, such as PLAIN or
> DIGEST-MD5.
>
>
>  1) The "sasl2-sample-client" and "sasl2-sample-server" in the "bin"
>> directories and the "sample-client" and "sample-server" in "sample"
>> response are different. Where can I get the source code for
>> "sasl2-sample-server"?
>>
>
> There are two sets of sample/client applications distributed within the
> /sample directory of the source code. To compile both:
>
> ./configure [options]
> cd sample
> make
> make sample-server
> make sample-client
>
>
>  2) Once the "Username" and "Password" is passed from client to server, the
>> server needs to verify the "UserName" and "Password" and authenticate the
>> client. How to do this in server side? Does "sasl_checkpass" do this or
>> can
>> you suggest some other best way to achieve the above?  CAN YOU PROVIDE
>> SOME
>> CODE SNIPPETS FOR THIS?
>>
>
> That depends on the mechanism that was negotiated between the client and
> the server. For some mechanisms, such as DIGEST-MD5 and SCRAM, the username
> and password are not sent over the wire.
>
> For the PLAIN and LOGIN mechanisms (and the older user/pass
> style of authentication), where the username and password are sent, then
> authentication is performed using the configured 'pwcheck_method'. See:
>
> http://www.cyrussasl.org/docs/**cyrus-sasl/2.1.25/options.php<http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/options.php>
>
> Are you also attempting to write an email server?
>
>  3) I tried testing "sample-client" and "sample-server"  and I get the
>> below
>> response, how to solve this?
>>
>> *Server Terminal:
>>
>> *
>>
>> [root at localhost sample]# ./sample-server -p 8000 -s rcmd -m PLAIN
>> Forcing use of mechanism PLAIN
>> Sending list of 1 mechanism(s)
>> S: UExBSU4=
>> Waiting for client mechanism...
>>
>> *Client Terminal:
>>
>>
>> *
>>
>> [root at localhost sample]# ./sample-client -s rcmd -p 8000 -m PLAIN -n
>> 127.0.0.1
>> service=rcmd
>> Waiting for mechanism list from server...
>> S: UExBSU4*=                                                   Pasted
>> server Response*
>>
>> recieved 5 byte message
>> Forcing use of mechanism PLAIN
>> Choosing best mechanism from: PLAIN
>> lt-sample-client: SASL Other: No worthy mechs found
>> error was SASL(-4): no mechanism available: No worthy mechs found
>> lt-sample-client: Starting SASL negotiation: no mechanism available
>>
>
> You may not have the appropriate plugins installed. Use 'pluginviewer' or
> 'saslpluginviewer' on your system to list the available plugins. If you are
> missing PLAIN, then you're likely missing some relevant packages (or you've
> compiled something wrong).
>
> --
> Dan White
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20121121/0f49d844/attachment.html 


More information about the Cyrus-sasl mailing list