[Spread-users] Spread authentication module and SASL

Jonathan Stanton jonathan at cnds.jhu.edu
Tue Mar 4 23:22:42 EST 2003


This is an interesting topic. There are a number of different security
models. Spread already supports some of them, but not all of what you
describe.

On Tue, Mar 04, 2003 at 05:29:11PM -0800, Michael Fair wrote:
> I'm new to Spread so please forgive my ignorance.
> 
> I'm interested in using Spread as the backbone of
> an IRC server network (perhaps even extending it
> to clients).
> 
> One of the things I wanted to do was use SASL for
> the Authentication and Security (encrypted or not)
> layer to each of the Spread daemons.
> 
> Has SASL been considered for use as the authentication
> and security communication layer between Spread clients
> and Servers?

The Spread authentication framework was designed to allow SASL to be 
easily implemented. If you look at the paper describing the framework

http://www.cnds.jhu.edu/pub/papers/ngc01_auth_framework.pdf

you will see some of the case studies involve SecureID and PAM which are
similar in concept and we did think about SASL when designing the
framework. I don't know of anyone implementing SASL support yet.

So adding SASL to the Spread client-server protocol should be pretty
easy, since both SASL and the Spread auth framework are modular.
What you describe below with server-server authentication is trickier
problem. Some aspects of the server-server authentication/encryption has
been done as part of the "secure spread" project. But the dynamic
reconfiguration (even without security) is a hard problem that we do not
have a complete solution for yet.

Jonathan

-- 
-------------------------------------------------------
Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    
-------------------------------------------------------




More information about the Spread-users mailing list