On 11/20/12 10:20 +0530, Mathew iprocessor wrote:
Hi, I need to implement SASL in my email client. I downloaded Cyrus-SASL and installed it. When the client sends the "UserName" and "Password", my server needs to verify the "UserName" and "Password" and Authenticate it. The below are some of my doubts, Please clarify.
See: http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/programming.php Within your email client, after you have captured the user's username and password, you provide a callback to libsasl2 in which you provide that information to the library, and you will not need to know the details of how each of the existing mechanisms are implemented, such as PLAIN or DIGEST-MD5.
1) The "sasl2-sample-client" and "sasl2-sample-server" in the "bin" directories and the "sample-client" and "sample-server" in "sample" response are different. Where can I get the source code for "sasl2-sample-server"?
There are two sets of sample/client applications distributed within the /sample directory of the source code. To compile both: ./configure [options] cd sample make make sample-server make sample-client
2) Once the "Username" and "Password" is passed from client to server, the server needs to verify the "UserName" and "Password" and authenticate the client. How to do this in server side? Does "sasl_checkpass" do this or can you suggest some other best way to achieve the above? CAN YOU PROVIDE SOME CODE SNIPPETS FOR THIS?
That depends on the mechanism that was negotiated between the client and the server. For some mechanisms, such as DIGEST-MD5 and SCRAM, the username and password are not sent over the wire. For the PLAIN and LOGIN mechanisms (and the older user/pass style of authentication), where the username and password are sent, then authentication is performed using the configured 'pwcheck_method'. See: http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/options.php Are you also attempting to write an email server?
3) I tried testing "sample-client" and "sample-server" and I get the below response, how to solve this? *Server Terminal: * [root@localhost sample]# ./sample-server -p 8000 -s rcmd -m PLAIN Forcing use of mechanism PLAIN Sending list of 1 mechanism(s) S: UExBSU4= Waiting for client mechanism... *Client Terminal: * [root@localhost sample]# ./sample-client -s rcmd -p 8000 -m PLAIN -n 127.0.0.1 service=rcmd Waiting for mechanism list from server... S: UExBSU4*= Pasted server Response* recieved 5 byte message Forcing use of mechanism PLAIN Choosing best mechanism from: PLAIN lt-sample-client: SASL Other: No worthy mechs found error was SASL(-4): no mechanism available: No worthy mechs found lt-sample-client: Starting SASL negotiation: no mechanism available
You may not have the appropriate plugins installed. Use 'pluginviewer' or 'saslpluginviewer' on your system to list the available plugins. If you are missing PLAIN, then you're likely missing some relevant packages (or you've compiled something wrong). -- Dan White
