SASL testing

Julien ÉLIE julien at trigofacile.com
Mon Sep 22 19:29:03 UTC 2008


Hi,

Regarding one of our previous exchanges, when you said that the initial-response
is in base64: in fact "test" is a valid base64 string :)

AUTHINFO SASL BAD test
503 no mechanism available
AUTHINFO SASL BAD =
503 no mechanism available

while:

AUTHINFO SASL BAD tester
504 bad protocol / cancel

At least, it shows that 504 is well implemented!

"test" is a bad test for it :->


> Oh!  I see what you're saying.  Yes, you don't get the credentials the
> user gave during SASL.  The SASL library handles the authentication for
> you and just tells you what user they authenticated as at the end.  So you
> can't use any authentication system internal to INN in combination with
> SASL.

Thanks!  I understand better now.
I should have tried to read some more documentation before :-/


> SASL LOGIN is obsolete in favor of SASL PLAIN.  They're basically
> equivalent in capabilities.

The problem is that I cannot remove LOGIN.
I wandered a bit through SASL implementations and saw:

/* NOPLAINTEXT          -- don't permit mechanisms susceptible to simple
 *                         passive attack (e.g., PLAIN, LOGIN)

I suppose we will have to keep LOGIN...

-- 
Julien ÉLIE

« Medicus dedit qui temporis morbo curam,
  Is plus remedii quam cutis sector dedit. »
(The physician who gave the illness time to be cured gave more remedy
than the one who cut the skin.)
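The three AUTHINFO SASL exchanges above (why "test" and "=" reach the mechanism lookup and get 503 while "tester" is stopped with 504), together with the reason the NOPLAINTEXT comment singles out PLAIN and LOGIN, as an added Python example. This is editor-supplied code, not INN's implementation or the Cyrus SASL library's: the set of offered mechanisms, the status texts (copied from the exchange above), the check order (inferred from the same exchange) and the captured line with its made-up credentials are all assumptions made for the example.

```python
import base64
import binascii
import re

# Added example, not INN's code: a model of the argument checks a server makes
# on "AUTHINFO SASL <mechanism> [initial-response]" (RFC 4643), reproducing the
# three exchanges quoted in the message, plus what a passive observer recovers
# from a PLAIN initial response.

CANONICAL_B64 = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")

# Assumption for the example: the mechanisms this hypothetical server offers.
OFFERED_MECHANISMS = {"PLAIN", "LOGIN"}


def parse_initial_response(arg):
    """Decode an initial-response argument.

    Returns the raw bytes; b"" for a lone "=", which RFC 4643 uses to send an
    empty initial response; or None when the argument is not canonical base64.
    """
    if arg == "=":
        return b""
    if len(arg) % 4 != 0 or not CANONICAL_B64.match(arg):
        return None  # "tester" fails here: 6 is not a multiple of 4
    try:
        raw = base64.b64decode(arg, validate=True)
    except binascii.Error:
        return None
    # Lenient decoders map "QR==" and "QQ==" to the same byte; accept only the
    # spelling that re-encodes to itself so variants cannot slip past filters.
    if base64.b64encode(raw).decode("ascii") != arg:
        return None
    return raw


def check_authinfo_sasl(mechanism, initial_response=None):
    """Command-level checks of AUTHINFO SASL.

    Returns an error status line, or None when the command passes and the
    decoded response can be handed to the SASL library.  Same order INN showed
    above: a malformed initial response is rejected with 504 before the
    mechanism name is looked up, so "BAD test" gets 503 and "BAD tester" 504.
    Status texts are copied from the exchange in the message.
    """
    if initial_response is not None and parse_initial_response(initial_response) is None:
        return "504 bad protocol / cancel"
    if mechanism.upper() not in OFFERED_MECHANISMS:
        return "503 no mechanism available"
    return None


def split_authinfo_sasl(line):
    """Split "AUTHINFO SASL <mechanism> [initial-response]" into
    (mechanism, initial_response or None); None if it is not that command."""
    words = line.strip().split(" ")
    if len(words) not in (3, 4) or [w.upper() for w in words[:2]] != ["AUTHINFO", "SASL"]:
        return None
    return words[2], (words[3] if len(words) == 4 else None)


def decode_plain(raw):
    """Split a SASL PLAIN message (RFC 4616): authzid NUL authcid NUL password."""
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return None
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None


def sniff_plain_credentials(line):
    """What a passive observer of an unencrypted session learns from one line.

    This is the "simple passive attack" the NOPLAINTEXT comment refers to:
    with PLAIN the whole credential rides in the initial response, so no
    interaction with either side is needed to recover it.
    """
    parsed = split_authinfo_sasl(line)
    if parsed is None or parsed[0].upper() != "PLAIN" or parsed[1] is None:
        return None
    raw = parse_initial_response(parsed[1])
    return decode_plain(raw) if raw is not None else None


# Constructed sample line with made-up credentials ("alice" / "s3cret"); the
# initial response is the base64 of b"\0alice\0s3cret".
CAPTURED_LINE = "AUTHINFO SASL PLAIN AGFsaWNlAHMzY3JldA=="

if __name__ == "__main__":
    for cmd in ("AUTHINFO SASL BAD test", "AUTHINFO SASL BAD =", "AUTHINFO SASL BAD tester"):
        mech, resp = split_authinfo_sasl(cmd)
        print(cmd, "->", check_authinfo_sasl(mech, resp))
    print(CAPTURED_LINE, "->", sniff_plain_credentials(CAPTURED_LINE))
```

The canonical-encoding check is stricter than a plain decoder needs to be, but it is cheap and it means a given credential has exactly one wire form, which is what you want if anything downstream (logging, rate limiting, filters) keys on the literal argument. The sniffing function is the practical content of the NOPLAINTEXT flag: PLAIN and LOGIN are only acceptable once the connection is already protected by TLS.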



More information about the inn-workers mailing list