List Info

Thread: GSSAPI support
GSSAPI support
user name
 2007-03-07 16:07:11 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've been a happy user of Gossip (and thus loudmouth) for
quite some
time now. One of the features I'm missing though is support
for GSSAPI
(Kerberos) authentication and I'm interesting writing a
patch to allow
use of it.

There are two ways to implement GSSAPI support. I can either
add
support in loudmouth to use cyrus SASL (which includes
support for
GSSAPI among other mechanisms) instead of the built-in SASL.
Another
option would be to add support for a GSSAPI mechanism to the
built-in
SASL.

Which of the two is preferred? Any other things I should
keep in mind
while writing the patch?

Cheers,

Jelmer
- --
Jelmer Vernooij <jelmersamba.org> - http://samba.org/~jelmer/
Jabber: ctrlsoftjabber.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


iQCVAwUBRe83igy0JeEGD2blAQKC8QP+LZxXVxia+XET3l1Qz1yZvdUyf1Nw
0bsJ
BMElTb9Z6SxFLjsjQ8AKnSgbJGv6syd33dyX85Juf8j9jZUqbNgddQ7e4KpL
Rkk7
/k6aahY78TS6EN24pLBGthqi+Zd157HV8/BBBotl8sG6AYcS6oRrx2zMSewJ
MeJW
52byFaUQW4o=
=5eOQ
-----END PGP SIGNATURE-----
_______________________________________________
Loudmouth mailing list
Loudmouthlists.imendio.com
h
ttp://lists.imendio.com/mailman/listinfo/loudmouth
Re: GSSAPI support
country flaguser name
Sweden		 2007-03-08 04:19:52 
7 mar 2007 kl. 23.07 skrev Jelmer Vernooij:

> Hi,

Hi Jelmer,

> I've been a happy user of Gossip (and thus loudmouth)
for quite some
> time now. One of the features I'm missing though is
support for GSSAPI
> (Kerberos) authentication and I'm interesting writing a
patch to allow
> use of it.

Is this something that can be hidden within Loudmouth
without having  
to have the application provide some extra information for
Loudmouth?

For example I guess that a password is not useful to send
down to  
Loudmouth if you use Kerberos for authentication.

> There are two ways to implement GSSAPI support. I can
either add
> support in loudmouth to use cyrus SASL (which includes
support for
> GSSAPI among other mechanisms) instead of the built-in
SASL. Another
> option would be to add support for a GSSAPI mechanism
to the built-in
> SASL.

How much work is it to add internal support for GSSAPI? If
we can  
avoid adding a dependency on Cyrus SASL that would be great.
On the  
other hand it's an optional dependency so I can live with
it.

> Which of the two is preferred? Any other things I
should keep in mind
> while writing the patch?

Depending on how much code it ends up being we might want to
split  
the digest-md5/gssapi code out from lm-auth-sasl.c
(refactored since  
1.3.1).

Best Regards,
   Mikael Hallendal


--
Imendio AB, http://www.imendio.com


_______________________________________________
Loudmouth mailing list
Loudmouthlists.imendio.com
h
ttp://lists.imendio.com/mailman/listinfo/loudmouth
Re: GSSAPI support
country flaguser name
United States		 2007-03-08 09:12:04 
Hi Jelmer et al,

I haven't explicitly seen any servers that support GSSAPI
yet, but I  
haven't looked very hard.  Out of curiousity, what server
would you  
be testing against/what servers have you seen the
functionality in?

Daniel

On Mar 8, 2007, at 5:19 AM, Mikael Hallendal wrote:

> 7 mar 2007 kl. 23.07 skrev Jelmer Vernooij:
>
>> Hi,
>
> Hi Jelmer,
>
>> I've been a happy user of Gossip (and thus
loudmouth) for quite some
>> time now. One of the features I'm missing though is
support for  
>> GSSAPI
>> (Kerberos) authentication and I'm interesting
writing a patch to  
>> allow
>> use of it.
>
> Is this something that can be hidden within Loudmouth
without  
> having to have the application provide some extra
information for  
> Loudmouth?
>
> For example I guess that a password is not useful to
send down to  
> Loudmouth if you use Kerberos for authentication.
>
>> There are two ways to implement GSSAPI support. I
can either add
>> support in loudmouth to use cyrus SASL (which
includes support for
>> GSSAPI among other mechanisms) instead of the
built-in SASL. Another
>> option would be to add support for a GSSAPI
mechanism to the built-in
>> SASL.
>
> How much work is it to add internal support for GSSAPI?
If we can  
> avoid adding a dependency on Cyrus SASL that would be
great. On the  
> other hand it's an optional dependency so I can live
with it.
>
>> Which of the two is preferred? Any other things I
should keep in mind
>> while writing the patch?
>
> Depending on how much code it ends up being we might
want to split  
> the digest-md5/gssapi code out from lm-auth-sasl.c
(refactored  
> since 1.3.1).
>
> Best Regards,
>   Mikael Hallendal
>
>
> --
> Imendio AB, http://www.imendio.com
>
>
> _______________________________________________
> Loudmouth mailing list
> Loudmouthlists.imendio.com
> h
ttp://lists.imendio.com/mailman/listinfo/loudmouth

_______________________________________________
Loudmouth mailing list
Loudmouthlists.imendio.com
h
ttp://lists.imendio.com/mailman/listinfo/loudmouth
Re: GSSAPI support
country flaguser name
United States		 2007-03-08 12:00:10 
Hi Daniel!

On Thu, Mar 08, 2007 at 10:12:04AM -0500, Daniel Henninger
wrote:
> I haven't explicitly seen any servers that support
GSSAPI yet, but I  
> haven't looked very hard.  Out of curiousity, what
server would you  
> be testing against/what servers have you seen the
functionality in?
Wildfire claims to support it. Jabberd2 added support for it
in 2.1.
I've only tried to get it to work with Gaims' jabber
implementation so far, 
but their SASL support is really flaky.

Cheers,

Jelmer

> On Mar 8, 2007, at 5:19 AM, Mikael Hallendal wrote:

> >7 mar 2007 kl. 23.07 skrev Jelmer Vernooij:

> >>Hi,

> >Hi Jelmer,

> >>I've been a happy user of Gossip (and thus
loudmouth) for quite some
> >>time now. One of the features I'm missing
though is support for  
> >>GSSAPI
> >>(Kerberos) authentication and I'm interesting
writing a patch to  
> >>allow
> >>use of it.

> >Is this something that can be hidden within
Loudmouth without  
> >having to have the application provide some extra
information for  
> >Loudmouth?

> >For example I guess that a password is not useful
to send down to  
> >Loudmouth if you use Kerberos for authentication.

> >>There are two ways to implement GSSAPI support.
I can either add
> >>support in loudmouth to use cyrus SASL (which
includes support for
> >>GSSAPI among other mechanisms) instead of the
built-in SASL. Another
> >>option would be to add support for a GSSAPI
mechanism to the built-in
> >>SASL.

> >How much work is it to add internal support for
GSSAPI? If we can  
> >avoid adding a dependency on Cyrus SASL that would
be great. On the  
> >other hand it's an optional dependency so I can
live with it.

> >>Which of the two is preferred? Any other things
I should keep in mind
> >>while writing the patch?

> >Depending on how much code it ends up being we
might want to split  
> >the digest-md5/gssapi code out from lm-auth-sasl.c
(refactored  
> >since 1.3.1).

> >Best Regards,
> >  Mikael Hallendal


> >--
> >Imendio AB, http://www.imendio.com


> >_______________________________________________
> >Loudmouth mailing list
> >Loudmouthlists.imendio.com
> >h
ttp://lists.imendio.com/mailman/listinfo/loudmouth

> _______________________________________________
> Loudmouth mailing list
> Loudmouthlists.imendio.com
> h
ttp://lists.imendio.com/mailman/listinfo/loudmouth

-- 
_______________________________________________
Loudmouth mailing list
Loudmouthlists.imendio.com
h
ttp://lists.imendio.com/mailman/listinfo/loudmouth
Re: GSSAPI support
country flaguser name
United States		 2007-03-08 12:17:00 
Hi Mikael,

On Thu, Mar 08, 2007 at 11:19:52AM +0100, Mikael Hallendal
wrote:
> 7 mar 2007 kl. 23.07 skrev Jelmer Vernooij:
> >I've been a happy user of Gossip (and thus
loudmouth) for quite some
> >time now. One of the features I'm missing though is
support for GSSAPI
> >(Kerberos) authentication and I'm interesting
writing a patch to allow
> >use of it.
> Is this something that can be hidden within Loudmouth
without having  
> to have the application provide some extra information
for Loudmouth?

> For example I guess that a password is not useful to
send down to  
> Loudmouth if you use Kerberos for authentication.
Yes, that's correct. I haven't yet looked at how the
password dialog
is handled in gossip/loudmouth, but it would be nice if it
could be
skipped when using GSSAPI.

> >There are two ways to implement GSSAPI support. I
can either add
> >support in loudmouth to use cyrus SASL (which
includes support for
> >GSSAPI among other mechanisms) instead of the
built-in SASL. Another
> >option would be to add support for a GSSAPI
mechanism to the built-in
> >SASL.
> How much work is it to add internal support for GSSAPI?
If we can  
> avoid adding a dependency on Cyrus SASL that would be
great. On the  
> other hand it's an optional dependency so I can live
with it.
I think the amount of work involved doesn't differ much. 

> >Which of the two is preferred? Any other things I
should keep in mind
> >while writing the patch?
> Depending on how much code it ends up being we might
want to split  
> the digest-md5/gssapi code out from lm-auth-sasl.c
(refactored since  
> 1.3.1).
Ok, I'll keep that in mind. 

Thanks for the comments!

Cheers,

Jelmer
-- 
_______________________________________________
Loudmouth mailing list
Loudmouthlists.imendio.com
h
ttp://lists.imendio.com/mailman/listinfo/loudmouth
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )