Jeremy Howard wrote:
>
> Ken Murchison wrote:
> > "Kevin J. Menard, Jr." wrote:
> <re pwcheck>
> > > Hmm . . . I honestly haven't checked this out yet. I'll have to take
> > > a look at it.
> >
> > If you're serious about this, you should really check out cmu-sasl
> > v1.5.27 or the latest CVS and use saslauthd. This is the replacement
> > for pwcheck and will be mandatory in SASL v2.
> >
>
> My understanding is that pwcheck will we unaffected by the upgrade.
I was mistaken. You are correct. pwcheck is not going away, it will
coexist with saslauthd. What I was thinking about is that SASLv2 will
not have any of the non-sasldb/non-pwcheck plaintext validation
mechanisms (PAM, /etc/shadow, etc) built into the library itself. All
of these methods of validating plaintext passwords will be passed off to
saslauthd. I hope I have stated this clearly and correctly this time.
:^)
> Having said that, I don't know much about saslauthd--I just looked at it
> yesterday after Ken mentioned it's in the 1.5.27 beta. There's not a lot of
> docs for it yet--Ken or Rob, could you provide some more info?
Just the source code and man page.
> I can see
> that the saslauthd daemon itself is a daemon that you can compile additional
> authentication mechanisms into, such as PAM, getpwent, and krb5 (all
> included in the SASL distribution). But, how is the saslauthd interface in
> SASL different to the pwcheck interface?
They are very similar. saslauthd was derived from pwcheck.
> What's the difference between
> './configure --with-pwcheck=/var/state/mydaemon' and
> './configure --with-saslauthd=/var/state/mydaemon'? What is required to
> change a pwcheck daemon to work with the saslauthd interface?
Simpified view: Just strip off the socket protocol/communication junk
and add a function pointer to saslauthd's list.
> Is there any
> reason to do this for existing pwcheck daemons?
Probably not IMHO.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp