[Spread-users] Spread authentication module and SASL

Michael Fair michael at daclubhouse.net
Tue Mar 4 20:29:11 EST 2003


I'm new to Spread so please forgive my ignorance.

I'm interested in using Spread as the backbone of
an IRC server network (perhaps even extending it
to clients).

One of the things I wanted to do was use SASL for
the Authentication and Security (encrypted or not)
layer to each of the Spread daemons.

Has SASL been considered for use as the authentication
and security communication layer between Spread clients
and Servers?

I also thought that if SASL could be incorporated
into the server, then a more dynamic configuration
could be made possible by having Spread daemons
authenticate themselves to each other and request
inclusion into the network (this would of course be
bi-directional to ensure no one is taking advantage
of the opportunity to present a "man in the middle"
attack during a net partition).

For those who have not heard of SASL before, it is
a session initiation protocol whereby two parties
(a client and server for instance) can choose
A) Whether or not they will encrypt this session
and
B) What exchange protocol they will use to exchange
   credentials (CRAM-MD5, DIGEST-MD5, PLAIN (text), etc).

It is very modular and makes adding new authentication
sources at the server side easy (LDAP, MySQL, flat file,
Kerberos, etc) and makes adding exchange protocols to
both the client and the server easy (PLAIN, DIGEST-MD5,
CRAM-MD5, GSSAPI, etc).

Thank you
-- Michael --
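
Added example (not part of the original post and not Spread code): the mechanism choice and a CRAM-MD5 credential exchange described above, showing both the client and server sides. The mechanism list, strength ranking, user name, secret and host name are constructed for illustration.

```python
import base64, hashlib, hmac, os, time

# Constructed sample data (assumptions, not Spread configuration).
SERVER_MECHS = ["PLAIN", "CRAM-MD5"]        # what the server advertises
STRENGTH = {"PLAIN": 0, "CRAM-MD5": 1}      # higher = password never sent in clear
USERS = {"ircd1": b"constructed-secret"}    # server-side credential store

def choose_mechanism(offered, supported, channel_encrypted):
    """Client: pick the strongest common mechanism; refuse PLAIN on a cleartext link."""
    common = [m for m in offered if m in supported]
    if not channel_encrypted:
        common = [m for m in common if m != "PLAIN"]
    if not common:
        raise ValueError("no acceptable SASL mechanism")
    return max(common, key=STRENGTH.__getitem__)

def make_challenge(host="spread1.example"):
    """Server: a fresh challenge per attempt, so a captured response cannot be replayed."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()

def client_response(user, password, challenge):
    """Client: 'user SP hex(HMAC-MD5(password, challenge))', base64 on the wire."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(challenge, response_b64, users=USERS):
    """Server: recompute the digest from the stored secret; return the user or None."""
    try:
        raw = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:                       # bad base64 or bad UTF-8
        return None
    user, _, digest = raw.rpartition(" ")
    secret = users.get(user)
    expected = hmac.new(secret or b"\0", challenge, hashlib.md5).hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return user if secret is not None and ok else None

# CRAM-MD5 proves the client to the server only: it does not authenticate the
# server and does not encrypt the session, so it is not by itself the
# bi-directional check between daemons that the post asks for.
if __name__ == "__main__":
    mech = choose_mechanism(SERVER_MECHS, ["PLAIN", "CRAM-MD5"], channel_encrypted=False)
    challenge = make_challenge()
    response = client_response("ircd1", b"constructed-secret", challenge)
    print(mech, challenge.decode(), response.decode(), server_verify(challenge, response))
```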






