Darren Oh wrote:
My understanding of SASL digest authentication is that it is intended
to be compatible with HTTP digest authentication.
In theory yes, but DIGEST-MD5 is not trying to be compatible with
HTTP Digest.
But it can probably be extended to do what you want.
However, when experimenting with sasl-sample-server I was unable to
find some capabilities which are necessary for this purpose:
• Ability to specify different realms for password file and
authentication string.
I know of only 1 realm option. Are you talking about the same thing?
Internet Explorer and Opera try to reuse old credentials, even after
multiple authentication failures. The only way to prevent this is to
change the realm.
• Ability to specify connection method. The default SASL connection
method is Authenticate, which is not used by HTTP.
This can be done using the sasl_getprop/sasl_setprop API.
• Ability to save nonce for future requests. Retrieving a nonce value
and sending an authorization string by HTTP would be two separate
requests.
sasl_getprop/sasl_setprop again. But why do you need to keep server
nonce constant?
• Ability to start with client data. After receiving the nonce value,
the client sends an authentication string without waiting for a
challenge from the server.
I think this functionality is already present.
I would prefer to use a standard tool for authentication rather than
create a custom program. Are these abilities present in the Cyrus SASL
library?
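To make the compatibility point in this thread concrete, here is an added example (not from the thread and not Cyrus SASL code) that computes the RFC 2617 HTTP Digest response and the RFC 2831 DIGEST-MD5 response from the same username, realm, password and nonces. The credential and nonce values are constructed for illustration.

```python
import hashlib


def _md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def http_digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest with qop=auth: every intermediate hash is lowercase hex text."""
    ha1 = _md5hex(f"{user}:{realm}:{password}".encode())
    ha2 = _md5hex(f"{method}:{uri}".encode())
    return _md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


def sasl_digest_md5_response(user, realm, password, digest_uri, nonce, nc, cnonce,
                             qop="auth", authzid=None, server=False):
    """RFC 2831 DIGEST-MD5 with qop=auth.

    Differences from HTTP Digest that make the two responses incompatible:
    - A1 starts with the RAW 16-byte MD5 of user:realm:password (not hex) and
      folds in the server nonce, the client nonce and an optional authzid.
    - A2 uses the fixed method token "AUTHENTICATE" for the client response and
      an empty method for the server's rspauth, never the HTTP method.
    """
    a1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    if authzid:
        a1 += f":{authzid}".encode()
    method = "" if server else "AUTHENTICATE"
    a2 = f"{method}:{digest_uri}".encode()
    return _md5hex(f"{_md5hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_md5hex(a2)}".encode())


def compare_same_credentials():
    """Constructed sample values; shows that identical inputs give different answers."""
    user, realm, password = "alice", "example.test", "correct horse"
    nonce, cnonce, nc = "server-nonce-1234", "client-nonce-5678", "00000001"
    http = http_digest_response(user, realm, password, "GET", "/index.html", nonce, nc, cnonce)
    sasl = sasl_digest_md5_response(user, realm, password, "http/example.test", nonce, nc, cnonce)
    rspauth = sasl_digest_md5_response(user, realm, password, "http/example.test", nonce, nc, cnonce, server=True)
    return {"http": http, "sasl": sasl, "rspauth": rspauth}


if __name__ == "__main__":
    for name, value in compare_same_credentials().items():
        print(f"{name:8s} {value}")
```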