saslauthd (was Re: SASL re-entrancy crisis)

From: Jeremy Howard (no email)
Date: Thu Aug 09 2001 - 15:35:14 EDT

• Next message: Jeremy Howard: "Re: Cyrus documentation"
• Previous message: Jules Agee: "Re: Script admin problems"
• In reply to: Ken Murchison: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Next in thread: Ken Murchison: "Re: saslauthd (was Re: SASL re-entrancy crisis)"
• Reply: Ken Murchison: "Re: saslauthd (was Re: SASL re-entrancy crisis)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ken Murchison wrote:
> "Kevin J. Menard, Jr." wrote:
<re pwcheck>
> > Hmm . . . I honestly haven't checked this out yet. I'll have to take
> > a look at it.
>
> If you're serious about this, you should really check out cmu-sasl
> v1.5.27 or the latest CVS and use saslauthd. This is the replacement
> for pwcheck and will be mandatory in SASL v2.
>

My understanding is that pwcheck will we unaffected by the upgrade. Rob
Siemborski said in info-cyrus message
<>:

----
Jeremy Howard wrote:
> Is there a quick overview someplace of what the major changes in SASL 2.x
> are/will be, and how this will impact end users? In particular, how will
it
> effect (if at all) pwcheck daemons--will custom daemons need any changes?
Most of the changes are under the hood, and will only affect application
developers.  However, the format of the sasldb is changing and thus the
old version will be incompatible with the new.  We have several ideas
about a possible conversion utility but nothing is final yet.
It will not affect users of pwcheck or saslauthd (except that saslauthd
will now support a krb5 mech).
----
I took this to mean that saslauthd is being added as an addition, not a
replacement, to pwcheck.
Having said that, I don't know much about saslauthd--I just looked at it
yesterday after Ken mentioned it's in the 1.5.27 beta. There's not a lot of
docs for it yet--Ken or Rob, could you provide some more info? I can see
that the saslauthd daemon itself is a daemon that you can compile additional
authentication mechanisms into, such as PAM, getpwent, and krb5 (all
included in the SASL distribution). But, how is the saslauthd interface in
SASL different to the pwcheck interface? What's the difference between
'./configure --with-pwcheck=/var/state/mydaemon' and
'./configure --with-saslauthd=/var/state/mydaemon'? What is required to
change a pwcheck daemon to work with the saslauthd interface? Is there any
reason to do this for existing pwcheck daemons?
Since I'm starting to build a pwcheck daemon repository at Sourceforge, I
might have to change approach a bit if saslauthd is replacing pwcheck
altogether...

• Next message: Jeremy Howard: "Re: Cyrus documentation"
• Previous message: Jules Agee: "Re: Script admin problems"
• In reply to: Ken Murchison: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Next in thread: Ken Murchison: "Re: saslauthd (was Re: SASL re-entrancy crisis)"
• Reply: Ken Murchison: "Re: saslauthd (was Re: SASL re-entrancy crisis)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]