Re: Kerberos/LDAP/SASL central authentication server howto

Markus Moeller <huaraz@moeller.plus.com> writes:

> Nikola, 
> I think you are right, SASL only protects the authentication exchange. I
> found also that cyrus-sasl hard codes SSF 56 for GSSAPI.

SASL, Simple Authentication and Security Layer, can do both authentication
and security layer as the name implies.

Quote from the abstract in RFC2222 that defines SASL.
>>>> and <<<< are mine.

1.    Abstract

   This document describes a method for adding authentication support to
   connection-based protocols.  To use this specification, a protocol
   includes a command for identifying and authenticating a user to a
   server and for >>>> optionally negotiating protection of subsequent
   protocol interactions.  If its use is negotiated, a security layer is
   inserted between the protocol and the connection. <<<< This document
   describes how a protocol specifies such a command, defines several
   mechanisms for use by the command, and defines the protocol used for
   carrying a negotiated security layer over the connection.


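The optional security-layer negotiation that the quoted abstract refers to, shown for the GSSAPI mechanism as an added example that is not part of the original message. It assumes the 4-octet offer and reply layout of RFC 2222 section 7.2; the function names and sample tokens are constructed for illustration.

```python
# Security-layer bit-masks defined for the GSSAPI mechanism in RFC 2222, section 7.2.3.
LAYER_NONE = 0x01       # authentication only, no protection of later traffic
LAYER_INTEGRITY = 0x02  # integrity protection of later traffic
LAYER_PRIVACY = 0x04    # privacy (confidentiality) protection of later traffic


def parse_offer(offer: bytes) -> tuple[int, int]:
    """Decode the server's offer (the plaintext obtained after GSS_Unwrap).

    Octet 0 is a bit-mask of the layers the server supports; octets 1-3 are
    the maximum buffer size the server can receive, in network byte order.
    """
    if len(offer) != 4:
        raise ValueError("security-layer offer must be exactly 4 octets")
    return offer[0], int.from_bytes(offer[1:4], "big")


def select_layer(offer: bytes, minimum: int = LAYER_NONE) -> int:
    """Pick the strongest offered layer that is at least `minimum`.

    Raising here, instead of silently falling back, is what stops a client
    that needs protected traffic from continuing with authentication only.
    """
    mask, _ = parse_offer(offer)
    for layer in (LAYER_PRIVACY, LAYER_INTEGRITY, LAYER_NONE):
        if layer >= minimum and mask & layer:
            return layer
    raise ValueError("server offers no acceptable security layer")


def build_reply(layer: int, max_size: int, authzid: bytes = b"") -> bytes:
    """Build the client's answer: chosen layer, client buffer size, authzid."""
    if layer not in (LAYER_NONE, LAYER_INTEGRITY, LAYER_PRIVACY):
        raise ValueError("exactly one layer must be selected")
    return bytes([layer]) + max_size.to_bytes(3, "big") + authzid


if __name__ == "__main__":
    # Constructed sample offers, not captured from a real server.
    full_offer = bytes([0x07, 0x00, 0xFF, 0xFF])   # all three layers, 65535 octets
    auth_only = bytes([0x01, 0x00, 0x00, 0x00])    # authentication only
    print(select_layer(full_offer))                 # strongest layer wins
    try:
        select_layer(auth_only, minimum=LAYER_INTEGRITY)
    except ValueError as exc:
        print("refused:", exc)
```
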