[Spread-users] Spread authentication module and SASL

Jonathan Stanton jonathan at cnds.jhu.edu
Tue Mar 4 23:22:42 EST 2003

This is an interesting topic. There are a number of different security
models. Spread already supports some of them, but not all of what you

On Tue, Mar 04, 2003 at 05:29:11PM -0800, Michael Fair wrote:
> I'm new to Spread so please forgive my ignorance.
> I'm interested in using Spread as the backbone of
> an IRC server network (perhaps even extending it
> to clients).
> One of the things I wanted to do was use SASL for
> the Authentication and Security (encrypted or not)
> layer to each of the Spread daemons.
> Has SASL been considered for use as the authentication
> and security communication layer between Spread clients
> and Servers?

The Spread authentication framework was designed to allow SASL to be 
easily implemented. If you look at the paper describing the framework


you will see some of the case studies involve SecureID and PAM which are
similar in concept and we did think about SASL when designing the
framework. I don't know of anyone implementing SASL support yet.

So adding SASL to the Spread client-server protocol should be pretty
easy, since both SASL and the Spread auth framework are modular.
What you describe below with server-server authentication is trickier
problem. Some aspects of the server-server authentication/encryption has
been done as part of the "secure spread" project. But the dynamic
reconfiguration (even without security) is a hard problem that we do not
have a complete solution for yet.


Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    

More information about the Spread-users mailing list