SASL testing
Julien ÉLIE
julien at trigofacile.com
Mon Sep 22 19:29:03 UTC 2008
Hi,

As for one of our previous exchanges, when you said that initial-response
is in base64, in fact "test" is a valid base64 string :)

    AUTHINFO SASL BAD test
    503 no mechanism available
    AUTHINFO SASL BAD =
    503 no mechanism available

while:

    AUTHINFO SASL BAD tester
    504 bad protocol / cancel

At least, it shows that 504 is well implemented!
"test" is a bad test for it :->

> Oh! I see what you're saying. Yes, you don't get the credentials the
> user gave during SASL. The SASL library handles the authentication for
> you and just tells you what user they authenticated as at the end. So you
> can't use any authentication system internal to INN in combination with
> SASL.

Thanks! I understand better now.
I should have tried to read some more documentation before :-/

> SASL LOGIN is obsolete in favor of SASL PLAIN. They're basically
> equivalent in capabilities.

The problem is that I cannot remove LOGIN.
I wandered a bit in SASL implementations and saw:

    /* NOPLAINTEXT -- don't permit mechanisms susceptible to simple
     * passive attack (e.g., PLAIN, LOGIN)

I suppose we will have to keep LOGIN...

--
Julien ÉLIE
« Medicus dedit qui temporis morbo curam,
Is plus remedii quam cutis sector dedit. »
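
Added example, not part of the original message and not INN's code: a Python sketch of the argument check that would produce the three responses in the session above, with the base64 test applied before the mechanism lookup (an order inferred from that session). The function names, the `SUPPORTED_MECHANISMS` set and the `None` "no error" result are assumptions made for illustration.

```python
import base64
import binascii

# Assumption: the mechanisms this illustrative server offers.
SUPPORTED_MECHANISMS = {"PLAIN"}


def decode_initial_response(arg):
    """Decode the optional initial-response argument.

    Returns None when the argument is absent, b"" for a lone "="
    (RFC 4643 encodes an empty initial response that way), and the
    decoded bytes otherwise. Raises ValueError for invalid base64.
    """
    if arg is None:
        return None
    if arg == "=":
        return b""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        return base64.b64decode(arg.encode("ascii"), validate=True)
    except (binascii.Error, UnicodeEncodeError) as exc:
        raise ValueError("initial-response is not valid base64") from exc


def check_authinfo_sasl(line):
    """Return (code, decoded) for one AUTHINFO SASL command line.

    code is 501 (syntax), 504 (base64 error), 503 (mechanism not
    available) or None when the request can go on to the SASL library.
    """
    parts = line.split()
    if len(parts) not in (3, 4) or \
            [p.upper() for p in parts[:2]] != ["AUTHINFO", "SASL"]:
        return 501, None
    mechanism = parts[2].upper()
    arg = parts[3] if len(parts) == 4 else None
    try:
        decoded = decode_initial_response(arg)
    except ValueError:
        return 504, None
    if mechanism not in SUPPORTED_MECHANISMS:
        return 503, decoded
    return None, decoded
```

A test string meant to trigger 504 has to fail decoding, for example by having a length that is not a multiple of four, as "tester" does.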