Fwd: SASL Server Plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Dan,

Thanks a lot for your reply. I dont need to implement a email server. I just need to wirte my own mechanism just like PLAIN. For this I renamed mech name to something like "sample-mech" and compiled it added the corresponding .so files in /usr/lib64/sasl2. I gave the command "sasl2-shared-mechlist" i get Available mechanisms: sample-mech. Everything is ok till now.

A small change I tried the above editing plain.c and the below explanation is about my own file (sample-mech.c).

I tried creating a sample-mech.c and compiled it and copied the .so file to /usr/lib64/sasl2, now when I give the command "sasl2-shared-mechlist". Now the mechanism name is not getting listed as above. What might be the reason for this? Do I need to  anything extra while adding a mechanism like this? Please suggest..!


On Tue, Nov 20, 2012 at 11:02 AM, Dan White <dwhite@xxxxxxx> wrote:
On 11/20/12 10:20 +0530, Mathew iprocessor wrote:

I need to implement SASL in my email client. I downloaded Cyrus-SASL and
installed it. When the client sends the "UserName" and "Password", my
server needs to verify the "UserName" and "Password" and Authenticate it.
The below are some of my doubts, Please clarify.


Within your email client, after you have captured the user's username and
password, you provide a callback to libsasl2 in which you provide that
information to the library, and you will not need to know the details of
how each of the existing mechanisms are implemented, such as PLAIN or

1) The "sasl2-sample-client" and "sasl2-sample-server" in the "bin"
directories and the "sample-client" and "sample-server" in "sample"
response are different. Where can I get the source code for

There are two sets of sample/client applications distributed within the
/sample directory of the source code. To compile both:

./configure [options]
cd sample
make sample-server
make sample-client

2) Once the "Username" and "Password" is passed from client to server, the
server needs to verify the "UserName" and "Password" and authenticate the
client. How to do this in server side? Does "sasl_checkpass" do this or can
you suggest some other best way to achieve the above?  CAN YOU PROVIDE SOME

That depends on the mechanism that was negotiated between the client and
the server. For some mechanisms, such as DIGEST-MD5 and SCRAM, the username
and password are not sent over the wire.

For the PLAIN and LOGIN mechanisms (and the older user/pass
style of authentication), where the username and password are sent, then
authentication is performed using the configured 'pwcheck_method'. See:


Are you also attempting to write an email server?

3) I tried testing "sample-client" and "sample-server"  and I get the below
response, how to solve this?

*Server Terminal:


[root@localhost sample]# ./sample-server -p 8000 -s rcmd -m PLAIN
Forcing use of mechanism PLAIN
Sending list of 1 mechanism(s)
Waiting for client mechanism...

*Client Terminal:


[root@localhost sample]# ./sample-client -s rcmd -p 8000 -m PLAIN -n
Waiting for mechanism list from server...
S: UExBSU4*=                                                   Pasted
server Response*

recieved 5 byte message
Forcing use of mechanism PLAIN
Choosing best mechanism from: PLAIN
lt-sample-client: SASL Other: No worthy mechs found
error was SASL(-4): no mechanism available: No worthy mechs found
lt-sample-client: Starting SASL negotiation: no mechanism available

You may not have the appropriate plugins installed. Use 'pluginviewer' or
'saslpluginviewer' on your system to list the available plugins. If you are
missing PLAIN, then you're likely missing some relevant packages (or you've
compiled something wrong).

Dan White

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux