directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Blanchard <>
Subject Re: [mina] SASL support
Date Thu, 05 May 2005 18:06:35 GMT
If I do no make mistakes, I think there is three layer for SASL 
(EXTERNAL is the only one i have looked for) implementation.

1- Server layer to tell the client what mechanisms it handles and to 
provide some checkings regarding policy versus client asked mechanism.
2- Mina layer to give TLS support and to give some acces to the 
principal created and returned for this transport layer.
3- LDAP protocol to engage the handshaking.LDAP v3 RFC 2251contains some 
asn1 rules about request and response formats for sasl mechanisms .

Am I wrong ?
Tony Blanchard

Vinod Panicker a écrit :

>Basically got to thinking on this and realized that it wouldn't be
>proper if SASL support is integrated into MINA.  SASL is supposed to
>be utilized by existing protocols as a means of providing
>authentication.  Its not an independent protocol in itself.  In the
>case of ApacheDS, the LDAP protocol would be carrying SASL data as
>well.  So actually SASL should be implemented by the ProtocolHandler
>rather than as a MINA filter.

View raw message