Re: Writing custom authentication plugins for Cyrus SASL

From: Dan White (no email)
Date: Fri Oct 10 2008 - 17:14:20 EDT

  • Next message: Daniel Corbe: "Re: Writing custom authentication plugins for Cyrus SASL"

    Daniel,

    You have several options. I assume you've looked in to the SQL auxprop
    plugin and determined that it is not sufficient for your needs.

    You can write a custom auxprop plugin to retrieve your authentication
    information from. You cannot (by design) have your auxprop plugin
    perform the actual authentication itself, but you can store usernames
    and passwords (in the clear). Auxprop plugins function like a database
    store.

    You can write a custom saslauthd backend to perform the authentication.
    Saslauthd gets passed the username and password and essentially returns
    a yes or no to the server application. Stored passwords don't need to be
    in the clear and can be hashed, as long as your backend has enough
    knowledge to verify the submitted password against it. Using this
    approach limits the number of authentication mechanisms that your IMAP
    server can offer to clients. You won't be able to offer more complex
    mechanisms, such as DIGEST-MD5, that require a known shared secret.

    The SQL auxprop plugin might be a good plugin to base your's on.

    What information are you wanting to provide the IMAP server with regards
    to its location? The name of the mailbox?

    - Dan

    Daniel Corbe wrote:
    > Can you quickly give me a hit of where I need to start?
    >
    > I simply want to be given a username and password, that I can do a
    > database query and acknowledge whether it is correct or not and then
    > provide some basic information to the IMAP server to tell it where the
    > user's INBOX is located, etc.
    >
    > Would I need to write a sasl server plugin or an auxprop plugin for this?
    >
    > -Daniel
    >
    > On Tue, Sep 30, 2008 at 1:28 PM, Dan White <
    > <mailto:>> wrote:
    >
    > Daniel Corbe wrote:
    >> Hi,
    >>
    >> I was wondering if anyone could point me in a general direction
    >> of writing a custom authentication plugin for SASL so I can get
    >> Cyrus IMAP working off of my custom database.
    >>
    >> Thanks.
    >>
    >> -Daniel
    >>
    >
    > There is a short SASL Plugin Programmer's Guide, located in
    > /doc/plugprog.html within the source.
    >
    > - Dan
    >
    >


  • Next message: Daniel Corbe: "Re: Writing custom authentication plugins for Cyrus SASL"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD