From: Jukka Salmi (jukka-asg at 2004 dot salmi dot ch)
Date: Tue Jun 29 2004 - 06:29:58 EDT
Andreas --> cyrus-sasl (2004-06-28 17:14:13 -0300):
> GSSAPI seems to be "different". In order to use, say, DIGEST-MD5, I need
> something to store the secret, like sasldb, sql or even ldapdb. These are
> auxprop mechanisms. GSSAPI seems to go around this, and it obviously doesn't
> use saslauthd since it's not a plaintext mechanism. So, would it be correct
> that there are 3 classes of authentication mechanisms?
> - shared secret (which need an auxprop plugin)
> - plaintext (pwcheck_method set to saslauthd)
> - gssapi (nothing else needed, pwcheck_method not relevant?)
According to the SASL documentation (see below "Plugins (SASL Mechanisms")
you're (almost) right.
BTW, you can use saslauthd to do plaintext authentication with a Kerberos
system (and thus nullify most of Kerberos' benefits...).
-- bashian roulette: $ ((RANDOM%6)) || rm -rf ~