> -----Original Message-----
> From: Henry B. Hotz [mailto:h...@jpl.nasa.gov] 
> Sent: Wednesday, April 21, 2010 1:15 AM
> To: Xu, Qiang (FXSGSC)
> Cc: cyrus-sasl@lists.andrew.cmu.edu
> Subject: Re: kerbetization of mail client
> 
> No.
> 
> This should all happen automatically, and be done by the 
> kerberos libraries.

In the LDAP Kerberization, I must provide an interface function and some SASL 
callbacks, like the following: 
=========================================================
#include <string.h>
#include <ldap.h>        /* LDAP C SDK API (Mozilla/Netscape SDK here) */
#include <ldappr.h>      /* prldap_init() */
#include <sasl/sasl.h>   /* sasl_interact_t, SASL_CB_* ids */

static char *sasl_mech = "GSSAPI";
static int sasl_flags = LDAP_SASL_QUIET;
...
/* warning! - the following requires intimate knowledge of sasl.h */
static char *default_values[] = {
    "", /* SASL_CB_USER         0x4001 */
    "", /* SASL_CB_AUTHNAME     0x4002 */
    "", /* SASL_CB_LANGUAGE     0x4003 */ /* not used */
    "", /* SASL_CB_PASS         0x4004 */
    "", /* SASL_CB_ECHOPROMPT   0x4005 */
    "", /* SASL_CB_NOECHOPROMPT 0x4006 */
    "", /* SASL_CB_CNONCE       0x4007 */
    ""  /* SASL_CB_GETREALM     0x4008 */
};

/* this is so we can use SASL_CB_USER etc. to index into default_values */
#define VALIDVAL(n) (((n) >= SASL_CB_USER) && ((n) <= SASL_CB_GETREALM))
#define VAL(n) default_values[(n) - SASL_CB_USER]
...
/* SASL interaction callback: the library hands us a list of prompts; we answer
 * every prompt whose id we know from default_values and leave the rest alone. */
static int example_sasl_interact(LDAP *ld, unsigned flags, void *defaults,
                                 void *prompts)
{
        sasl_interact_t         *interact = NULL;

        (void)ld; (void)flags; (void)defaults;   /* not needed by this callback */

        if (prompts == NULL) 
        {
                return (LDAP_PARAM_ERROR);
        }

        for (interact = prompts; interact->id != SASL_CB_LIST_END; interact++) 
        {
                if (VALIDVAL(interact->id)) 
                {
                        interact->result = VAL(interact->id);
                        interact->len = strlen((char *)interact->result);
                }
        }
        return (LDAP_SUCCESS);
}
...
  ldapHandle = prldap_init(primaryIP, primaryServerPort, 0);
  ldapStatus = ldap_sasl_interactive_bind_ext_s(ldapHandle, "", sasl_mech,
                                                NULL, NULL, sasl_flags,
                                                example_sasl_interact, NULL, 
                                                &responseControls);
=========================================================
So I guess some similar routines must be provided for the authentication of the 
mail client against the mail server, using the kerberos TGT. You mean I don't 
need to provide such interfaces? Then, when the server requires authentication 
from the client, what should I do to log into the mail server?

Thanks,
Xu Qiang
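The part of the GSSAPI mechanism an application never sees, and that the SASL GSSAPI plugin carries out for it once the Kerberos token exchange has succeeded, is the RFC 4752 security-layer negotiation (the server offers none/integrity/confidentiality and a maximum message size, the client picks one). The following is an added illustration of that final round trip, not code from this thread or from cyrus-sasl; the function names and the policy of refusing "no security layer" unless the caller explicitly allows it (for instance because TLS already protects the session) are my own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 4752 security-layer bits carried in the final GSSAPI SASL round trip. */
#define GSSAPI_LAYER_NONE      0x01
#define GSSAPI_LAYER_INTEGRITY 0x02
#define GSSAPI_LAYER_CONF      0x04

/* Parse the 4-octet server offer (the plaintext after GSS_Unwrap): returns the
 * offered layer bitmask and stores the server's maximum receive size; returns
 * -1 on a malformed token (wrong length, unknown bits, or no layer at all). */
int gssapi_parse_server_offer(const uint8_t *tok, size_t len, uint32_t *max_out)
{
    if (tok == NULL || len != 4 || (tok[0] & ~0x07) != 0 || tok[0] == 0)
        return -1;
    *max_out = ((uint32_t)tok[1] << 16) | ((uint32_t)tok[2] << 8) | tok[3];
    return tok[0];
}

/* Pick the strongest layer the server offers. Falls back to "no security
 * layer" only when allow_plain is set; otherwise refuses (-1) so the caller
 * can abort rather than continue with an unprotected post-auth session. */
int gssapi_choose_layer(int offered, int allow_plain)
{
    if (offered & GSSAPI_LAYER_CONF)      return GSSAPI_LAYER_CONF;
    if (offered & GSSAPI_LAYER_INTEGRITY) return GSSAPI_LAYER_INTEGRITY;
    if ((offered & GSSAPI_LAYER_NONE) && allow_plain) return GSSAPI_LAYER_NONE;
    return -1;
}

/* Build the client reply that is then passed to GSS_Wrap: chosen layer byte,
 * our maximum receive size as a 24-bit big-endian value, then the optional
 * authorization identity (UTF-8, not NUL-terminated). Returns bytes written,
 * or -1 if the layer is invalid, the size does not fit, or the buffer is small. */
int gssapi_build_client_reply(uint8_t *out, size_t cap, int layer,
                              uint32_t max_in, const char *authzid)
{
    size_t alen = authzid ? strlen(authzid) : 0;
    if (layer <= 0 || max_in > 0xFFFFFF || cap < 4 + alen) return -1;
    out[0] = (uint8_t)layer;
    out[1] = (uint8_t)(max_in >> 16);
    out[2] = (uint8_t)(max_in >> 8);
    out[3] = (uint8_t)max_in;
    if (alen) memcpy(out + 4, authzid, alen);
    return (int)(4 + alen);
}
```

With cyrus-sasl, the plugin performs exactly this step for you; what the application still controls is the minimum security-strength factor it asks for, which is what decides whether the "no security layer" fallback is acceptable.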
