Re: Sasl Question.

From: Christopher Riordan (cpr+)
Date: Thu Mar 14 2002 - 13:46:44 EST


> Birger Toedtmann wrote:
>
> > Christopher Riordan schrieb am Thu, Mar 14, 2002 at 10:35:11AM -0500:
> >
> >>just a quick question on Sasl, I'm currently using it for my mail system
and
> >>it works wonders, I was wondering if it is possible to use for other
> >>authentication such as ftp, telnet? Also if I run sasl on one server can
I
> >>link to it from another? so my secondary mailserver can do Auth from it?
I
> >>knwo it's probly in docs.
> >>
> >
> > It is quite pointless to use the advanced authentication mechanisms SASL
> > provides for protocols that don't use them. All RFCs on ftp and telnet
> > speak of plaintext authentication, there is no MD5 authentication or
GSSAPI
> > in those protocols. But coming to the second question: as SASL is a
lib,
> > you cannot do it remote, there is no "remote linker" concept as far as I
> > know. However, you can provide remote backends, such as LDAP, MySQL and
> > others. Returning to the first question: Yes, telnet and ftp server
imple-
> > mentations authenticate with those backends as well.
> >
> > So you can do
> >
> > mail server software -> SASL -> remote LDAP
> >
> > together with
> >
> > ftp server software -> (no SASL) -> remote LDAP
> >
> >
>
> Maybe Christopher is really asking about using the Cyrus Sasl
> authentication daemon's db file with other services such as Telnet, Ftp,
> and MTAs SMTP AUTH lookups etc ..
>
> --Sean

Yes, that was what I meant to ask almost like a PAM-Sasl connection worst
case is I can try to write a socketting Daemon on my main server to pass
requests in from other systems. I'm not sure what you guys think of
something like that. or have a system just sync the DBs on the servers every
20 min or so.

Chris








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD