ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Ken Murchison ken at oceana.com
Fri Dec 20 06:42:23 PST 2002


Russ Allbery wrote:
> 
> Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
> > Ken Murchison <ken at oceana.com> writes:
> 
> >> I agree that a SASL mech which encrypts only the plaintext password is
> >> desirable.
> 
> > Then someone needs to sit down and define one. To break Russ' circle.
> 
> Yes, that was the conclusion that I think we reached after about the
> fourth message on this thread, and the rest of the thread has mostly been
> us trying to explain it to you.  :)
> 
> > No, AUTHINFO SASL is not implemented in typical NNTP servers yet, so
> > implementors are going to have to do some work. If we define the
> > necessary SASL encrypted password at the same time, then they will just
> > implement it as part of the package. If we try to add it later they
> > won't bother ("why didn't you tell me that was needed the first time
> > round?").
> 
> Thankfully, that's not how SASL is generally implemented.  Most software
> using SASL is using the Cyrus SASL library and therefore doesn't implement
> the individual mechanisms separately.  Adding a new mechanism is as simple
> as just building against a new version of the Cyrus SASL library and
> adding a minimal amount of glue.

Actually, if the SASL implementation is a good one (like Cyrus), then
no recompilation of the application is necessary.  All you have to do
is install the new mechanism plugin.  Cyrus SASL implements all of its
mechanisms as DSOs, so it makes available whatever it finds in the
plugin directory when the application starts.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
