Re: pwcheck_method and GSSAPI

From: Jukka Salmi (jukka-asg at 2004 dot salmi dot ch)
Date: Tue Jun 29 2004 - 06:29:58 EDT

  • Next message: Andreas: "pwcheck_method and GSSAPI"

    Andreas --> cyrus-sasl (2004-06-28 17:14:13 -0300):
    > GSSAPI seems to be "different". In order to use, say, DIGEST-MD5, I need
    > something to store the secret, like sasldb, sql or even ldapdb. These are
    > auxprop mechanisms. GSSAPI seems to go around this, and it obviously doesn't
    > use saslauthd since it's not a plaintext mechanism. So, would it be correct
    > that there are 3 classes of authentication mechanisms?
    > - shared secret (which need an auxprop plugin)
    > - plaintext (pwcheck_method set to saslauthd)
    > - gssapi (nothing else needed, pwcheck_method not relevant?)

    According to the SASL documentation[1] (see below "Plugins (SASL Mechanisms")
    you're (almost) right.

    BTW, you can use saslauthd to do plaintext authentication with a Kerberos
    system (and thus nullify most of Kerberos' benefits...).

    Regards, Jukka


    bashian roulette:
    $ ((RANDOM%6)) || rm -rf ~

  • Next message: Andreas: "pwcheck_method and GSSAPI"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD