2009/5/29 Bron Gondwana <brong@xxxxxxxxxxx>:
>> - custom authentication mechanism (for single sign-on purpose,
>> because kerberos doesn't fit everywhere)
>
> BYO saslauthd protocol daemon. We have one written in Perl that does
> all sorts of clever. Just put this in your imapd.conf
>
> sasl_pwcheck_method: saslauthd
>
> And have your daemon listen on a unix socket at:
>
> /var/state/saslauthd/mux
>
> You need to speak the saslauthd protocol, which is a packed string
> format. We parse it in Perl like this:
>
> my $LoginName = get_counted_string($Self->{server}{client});
> my $Password = get_counted_string($Self->{server}{client});
> my $Service = lc get_counted_string($Self->{server}{client});
> my $Realm = get_counted_string($Self->{server}{client});
>
> And return one of:
>
> use constant SASL_SUCC_RESP => pack("nA3", 2, "OK\000");
> use constant SASL_FAIL_RESP => pack("nA3", 2, "NO\000");
>
> (with this function - slightly ugly code, but it works)
>
> sub get_counted_string {
>   my $fh = shift;
>
>   my ($rd, $data);
>
>   # 2-byte length prefix in network byte order
>   ($rd = sysread($fh, $data, 2) ) == 2
>     or die "Unable to read counted string size ($rd != 2) ($!)";
>
>   my $size = unpack("n", $data);
>
>   # Keep reading until $size bytes have arrived or the peer stops sending
>   $data = ''; $rd = 0; my $this_data = ''; my $rem_size = $size;
>   while (my $this_rd = sysread($fh, $this_data, $rem_size)) {
>     $rd += $this_rd;
>     $rem_size -= $this_rd;
>     $data .= $this_data;
>   }
>   die "Unable to read counted string data ($rd != $size) ($!)"
>     unless ($rd == $size);
>
>   return unpack("A$size", $data);
> }
>

Thank you very much. This was so obvious but we might have thought that
replacing saslauthd would be complicated. Thanks a lot, we'll probably
solve everything with a homebrew saslauthd.
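
An added example, not part of the thread or of the poster's daemon: the same counted-string framing in Python, with a truncated request treated as an authentication failure rather than an unhandled error. `demo_check`, the `alice` credential and `encode_request` are constructed for illustration; the reply bytes mirror the quoted constants.

```python
import hmac
import struct

# Same bytes as the SASL_SUCC_RESP / SASL_FAIL_RESP constants quoted above.
RESP_OK = struct.pack("!H", 2) + b"OK\x00"
RESP_NO = struct.pack("!H", 2) + b"NO\x00"

def read_exact(stream, n):
    """Read exactly n bytes, looping over short reads; EOFError on early EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError(f"wanted {n} bytes, got {len(buf)}")
        buf += chunk
    return buf

def read_counted_string(stream):
    """One field: 2-byte big-endian length (Perl pack 'n'), then that many bytes."""
    (size,) = struct.unpack("!H", read_exact(stream, 2))
    return read_exact(stream, size)

def parse_request(stream):
    """Fields arrive in the order the quoted code reads them."""
    login = read_counted_string(stream)
    password = read_counted_string(stream)
    service = read_counted_string(stream).lower()
    realm = read_counted_string(stream)
    return login, password, service, realm

def handle(stream, check_password):
    """Return the reply bytes; a truncated request fails closed with NO."""
    try:
        return RESP_OK if check_password(*parse_request(stream)) else RESP_NO
    except EOFError:
        return RESP_NO

def demo_check(login, password, service, realm):
    # Constructed credential for the demo; a real daemon consults its own backend.
    # compare_digest avoids leaking the match position through timing.
    return login == b"alice" and hmac.compare_digest(password, b"s3cret")

def encode_request(*fields):
    """Build a request as a client would (used here to make sample input)."""
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)
```

For a real socket, pass `conn.makefile("rb")` as `stream`; unlike the Perl `unpack("A$size", ...)`, this version keeps field bytes as received and does not strip trailing spaces or NULs.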