There are three data types to be used for carrying a negotiated security layer--a mechanism, a client parameter and an authentication step.
3.1 Mechanisms
3.2 Clients
3.3 Steps

3.1 Mechanisms
A mechanism (sasl-mechanism object) is a schema of the SASL authentication mechanism driver.
Retrieve an appropriate mechanism.
This function compares MECHANISMS and sasl-mechanisms, then returns an appropriate sasl-mechanism object.
    (let ((sasl-mechanisms '("CRAM-MD5" "DIGEST-MD5")))
      (setq mechanism (sasl-find-mechanism server-supported-mechanisms)))
If you want to write an authentication mechanism driver (4. Backend drivers), use sasl-make-mechanism and modify sasl-mechanisms and sasl-mechanism-alist correctly.
sasl-mechanism object.
This function takes two parameters--name of the mechanism, and a list of authentication functions.
    (defconst sasl-anonymous-steps
      '(identity                          ;no initial response
        sasl-anonymous-response))

    (put 'sasl-anonymous 'sasl-mechanism
         (sasl-make-mechanism "ANONYMOUS" sasl-anonymous-steps))

3.2 Clients
A client (sasl-client object) is initialized with four parameters: a mechanism, a user name, the name of the service and the name of the server.
sasl-client object.
sasl-mechanism object) of client.
If you want to specify additional configuration properties, please use sasl-client-set-property.

3.3 Steps
A step (sasl-step object) is an abstraction of an authentication "step" which holds the response value and the next entry point for the authentication process (the latter is not accessible).
To get the initial response, you should call the function sasl-next-step with the second argument nil.
    (setq name (sasl-mechanism-name mechanism))
At this point we could send the command which starts a SASL authentication protocol exchange. For example,
    (process-send-string
     process
     (if (sasl-step-data step)            ;initial response
         (format "AUTH %s %s\r\n" name
                 (base64-encode-string (sasl-step-data step) t))
       (format "AUTH %s\r\n" name)))
To go on with the authentication process, all you have to do is call sasl-next-step consecutively.
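
The three data types combined into one exchange, as an added example that is not code from the manual or the library. It let-binds sasl-mechanisms as an allow-list and stops with an error when the server's offer contains none of the allowed names, instead of continuing with another mechanism. Assumptions: `my-sasl-authenticate`, SEND and RECV are hypothetical names, the server frames each challenge as one base64 string, and `sasl-make-client` and `sasl-step-set-data` are sasl.el functions not shown in the text above.

```elisp
;;; Added example; not part of the SASL library or its manual.
(require 'sasl)

(defun my-sasl-authenticate (advertised user service server send recv)
  "Run a SASL exchange, refusing mechanisms outside a local allow-list.
ADVERTISED is the list of mechanism names the server offered.  SEND
\(hypothetical) writes one protocol line.  RECV (hypothetical) returns
the next base64 challenge as a string, or nil once the server reports
success."
  (let* ((sasl-mechanisms '("CRAM-MD5" "DIGEST-MD5")) ; allow-list, as on the page
         (mechanism (sasl-find-mechanism advertised)))
    ;; No overlap between the allow-list and the server's offer:
    ;; stop here rather than retrying with a weaker mechanism.
    (unless mechanism
      (error "No acceptable SASL mechanism in %S" advertised))
    (let* ((name (sasl-mechanism-name mechanism))
           (client (sasl-make-client mechanism user service server))
           (step (sasl-next-step client nil)) ; initial response, if any
           challenge)
      (funcall send
               (if (sasl-step-data step)
                   (format "AUTH %s %s\r\n" name
                           (base64-encode-string (sasl-step-data step) t))
                 (format "AUTH %s\r\n" name)))
      ;; Store each challenge in the current step, then let
      ;; `sasl-next-step' compute the response for it.
      (while (setq challenge (funcall recv))
        (sasl-step-set-data step (base64-decode-string challenge))
        (setq step (sasl-next-step client step))
        ;; `sasl-next-step' returns nil when the mechanism has no step left.
        (unless step
          (error "Server sent a challenge after the last %s step" name))
        (funcall send
                 (concat (base64-encode-string (or (sasl-step-data step) "") t)
                         "\r\n")))
      name)))
```

The function returns the name of the mechanism that was used, so the caller can log it or compare it against policy.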