directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: [mina] SASL support
Date Thu, 05 May 2005 14:44:24 GMT
David Boreham wrote:

> Vinod Panicker wrote:
>> Hi,
>> Basically got to thinking on this and realized that it wouldn't be
>> proper if SASL support is integrated into MINA. 

> Actually I don't think so. There are two aspects to SASL:
> authentication and 'encryption'. What you are saying is correct
> for the authentication part : for example in the case of LDAP
> the SASL payload is sent inside the regular BIND request PDU.

Yah I think Vinod was referring to the fact that you can't do it all 
within the Filter.  The protocol must be aware that some SASL mech is in 
effect.  As you say the LDAP implementation has to know the SASL 
mechanism and support it.  The Filter cannot do this on its behalf.

> However, for 'sasl encryption' the actual packets sent on the wire
> are wrapped by an encryption layer in much the same way as
> SSL. In implementing this it is necessary to get at the raw byte
> stream from the socket. To me this looks exactly like task for a mina 
> filter.

This part yes think we would all agree can be made independent of protocol.


> See the Cyrus SASL kerberos plugin source code for more
> details on this.

Eeeek Cyrus SASL :).


View raw message