[Spread-users] Spread authentication module and SASL
michael at daclubhouse.net
Tue Mar 4 20:29:11 EST 2003
I'm new to Spread so please forgive my ignorance.
I'm interested in using Spread as the backbone of
an IRC server network (perhaps even extending it
One of the things I wanted to do was use SASL for
the Authentication and Security (encrypted or not)
layer to each of the Spread daemons.
Has SASL been considered for use as the authentication
and security communication layer between Spread clients
I also thought that if SASL could be incorporated
into the server, then a more dynamic configuration
could be made possible by having Spread daemons
authenticate themselves to each other and request
inclusion into the network (this would of course be
bi-directional to ensure no one is taking advantage
of the opportunity to present a "man in the middle"
attack during a net partition).
For those who have not heard of SASL before, it is
a session initiation protocol whereby two parties
(a client and server for instance) can choose
A) Whether or not the will encrypt this session
B) What exchange protocol they will use to exchange
credentials (CRAM-MD5, DIGEST-MD5, PLAIN (text), etc).
It is very modular and makes adding new authentication
sources at the server side easy (LDAP, MySQL, flat file,
Kerberos, etc) and makes adding exchange protocols to
both the client and the server easy (PLAIN, DISGEST-MD5,
CRAM-MD5, GSSAPI, etc).
-- Michael --
More information about the Spread-users