Posted to server-dev@james.apache.org by ke...@rucus.ru.ac.za on 2001/11/11 15:19:56 UTC

SASL support

Greetings

I'm one of the developers of the Cryptix SASL library [1] and I'm interested in
using our library to provide SASL support to Apache JAMES. I've had a go at
adding SMTP AUTH and so far I have authentication working, but no security layer
as yet. Our library currently supports:

  ANONYMOUS (RFC2245)
  CRAM-MD5 (RFC2195)
  OTP (RFC 2444, obsoletes S/KEY in RFC 2222)
  PLAIN (RFC2595)
  SM2 (draft-naffah-cat-sasl-sm2-01.txt)
  SRP (draft-burdis-cat-srp-sasl-05.txt)

but I've only tested with PLAIN and SRP for now.

Where do I go from here? Are you guys interested in this? If so, to whom do I
submit patches and in what format eg. unified diff or context diff etc.? And, is
this list the correct forum for me to ask questions about implementation details?

Thanks.

  - Keith

[1] http://www.cryptix.org/products/sasl/

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: SASL support

Posted by Harmeet <ha...@kodemuse.com>.
----- Original Message -----
From: <ke...@rucus.ru.ac.za>
> Yup, these are the two I have modified. I also added another supporting
> class that implements the actual SMTP SASL profile stuff. Attached are the
> diffs showing the changes to SMTPHandler.java and the new SaslProfile.java
> file.

I will add your code to the proposal area so that others can look it over
and have a chance to play around.  One idea is to have new code in proposal
area for stable modules and move it to the main branch after that.
I had a few questions/requests.
- Would it be possible to decouple cryptix.sasl from SMTP handler?
- Would it be possible to bootstrap hardcoded properties from config file
settings?
- Is there an API like JCE or some model like interface-provider model that
SMTP Handler could use with Cryptix configured as a provider?


>
> I do have some questions though:
>
>  - Is there something (document / mailing list message etc.) that explains
> how the logging works and how I go about configuring it? I'd like to use
> better logging.

Avalon Framework is used for logging. The latest iteration supports Avalon
native logging, as well as (I think) a plugin facility for, I believe, Log4J
and JDK 1.4 Logging.
Avalon-Dev may be the best mailing list.

As a brief outline,
You can create a separate log category and set the log level via
src/conf/james-server.xml.
This file gets packaged in the james.sar as conf/server.xml
One could derive from AbstractLogger and use <getLogger> to write log
messages.


>
>  - I somehow need to make use of the JAMES password databases, but I'm not
> quite sure how to go about this. The SRP mechanisms in particular have
> specific requirements, since they use verifiers and not passwords and have
> other password-related configuration information. Any ideas?

The Users repository abstraction is o.a.j.services.UsersRepository
(o.a.j==org.apache.james)
The implementation is o.a.j.userrepository.UsersFileRepository. One easy
shortcut for testing would be to edit this file to suit SASL.

>
>  - It appears that all configuration information is in the .xml files and
> is then read into a Configuration object that is passed to the configure
> method of the class. Is this correct, and if so should I just add the
> SASL-related information to the smtpserver section in the james-config.xml
> file?

ditto.

>
> It's not that easy to test this at the moment, since I had to make some
> changes (okay bug fixes ;-) to the SASL library while I was implementing.
> These changes are only in the CVS version on SourceForge. The (Java) test
> client I'm using is also there. I'll post detailed instructions once we've
> made a new release of the library and I've got the details sorted out. So
> far, SRP and PLAIN work nicely for authentication, but without a security
> layer.

I will try to get the latest Cryptix code from SourceForge and play with it.
Others could look at it too. Can I use SASL with some email clients? I use
Outlook Express, but can try with other clients. Are there some email
clients you could recommend for testing?

Harmeet




Re: SASL support

Posted by ke...@rucus.ru.ac.za.
Quoting Harmeet <ha...@kodemuse.com>:
> This does seem interesting. You should submit patches to this list. My
> preference is to have both source file and diff -u. Alternatively whatever
> is convenient for you. Help is appreciated.
> This is the correct list for questions about implementation etc.
> 
> The best steps could be to
> - Identify a client that you are using to test SASL. Preferably cross
> platform, so that others can easily test it too.
> - Add SASL support in SMTP.  At least <doAuth> and <doEHLO> method in
> SMTPHandler.java would need to be changed. Please ask if you need some
> help.

Yup, these are the two I have modified. I also added another supporting class
that implements the actual SMTP SASL profile stuff. Attached are the diffs
showing the changes to SMTPHandler.java and the new SaslProfile.java file.

I do have some questions though:

 - Is there something (document / mailing list message etc.) that explains
how the logging works and how I go about configuring it? I'd like to use better
logging.

 - I somehow need to make use of the JAMES password databases, but I'm not quite
sure how to go about this. The SRP mechanisms in particular have specific
requirements, since they use verifiers and not passwords and have other
password-related configuration information. Any ideas?

 - It appears that all configuration information is in the .xml files and is
then read into a Configuration object that is passed to the configure method of
the class. Is this correct, and if so should I just add the SASL-related
information to the smtpserver section in the james-config.xml file?

> Harmeet

It's not that easy to test this at the moment, since I had to make some changes
(okay bug fixes ;-) to the SASL library while I was implementing. These changes
are only in the CVS version on SourceForge. The (Java) test client I'm using is
also there. I'll post detailed instructions once we've made a new release of the
library and I've got the details sorted out. So far, SRP and PLAIN work nicely
for authentication, but without a security layer.

  - Keith
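
Added example, not part of the original message and not Cryptix or JAMES code: a Python sketch of why the mechanisms named above need different user-repository records, using the RFC 2945 verifier formula for SRP. The names `enroll`, `srp_verifier`, `verify_plain` and `verify_cram_md5`, the toy group `N`/`G`, and PBKDF2 as the stored hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Toy group, constructed for this example only; a real SRP deployment uses the
# large safe-prime group fixed by the SRP specification it implements.
N, G = 2**127 - 1, 5
ROUNDS = 100_000  # PBKDF2 stands in for the repository's own one-way hash

def srp_verifier(user: str, password: str, salt: bytes) -> int:
    """v = g^x mod N with x = SHA1(salt | SHA1(user ":" password)) (RFC 2945)."""
    inner = hashlib.sha1(f"{user}:{password}".encode()).digest()
    x = int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")
    return pow(G, x, N)

def enroll(user: str, password: str) -> dict:
    """Return the record each mechanism needs the user repository to hold."""
    salt = os.urandom(16)
    pw = password.encode()
    return {
        # PLAIN sends the password itself, so a salted one-way hash suffices.
        "plain": (salt, hashlib.pbkdf2_hmac("sha256", pw, salt, ROUNDS)),
        # CRAM-MD5 makes the server recompute an HMAC keyed by the password,
        # so the stored value must be the secret (or an equivalent of it).
        "cram_md5": pw,
        # SRP stores salt and verifier only; this record holds no password.
        "srp": (salt, srp_verifier(user, password, salt)),
    }

def verify_plain(record: tuple, token: bytes) -> bool:
    """token is the PLAIN message: authzid NUL authcid NUL password."""
    parts = token.split(b"\0")
    if len(parts) != 3:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", parts[2], salt, ROUNDS)
    return hmac.compare_digest(candidate, stored)

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client side of RFC 2195: 'user SP hex(HMAC-MD5(secret, challenge))'."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}".encode()

def verify_cram_md5(secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from the stored secret and compare."""
    user, _, _ = response.rpartition(b" ")
    expected = cram_md5_response(user.decode(), secret, challenge)
    return hmac.compare_digest(response, expected)
```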


Re: SASL support

Posted by Harmeet <ha...@kodemuse.com>.
> I'm one of the developers of the Cryptix SASL library [1] and I'm
> interested in using our library to provide SASL support to Apache JAMES
It would be good to have this capability.

> Where do I go from here? Are you guys interested in this? If so, to whom
> do I submit patches and in what format eg. unified diff or context diff
> etc.? And, is this list the correct forum for me to ask questions about
> implementation details?
This does seem interesting. You should submit patches to this list. My
preference is to have both source file and diff -u. Alternatively whatever is
convenient for you. Help is appreciated.
This is the correct list for questions about implementation etc.

The best steps could be to
- Identify a client that you are using to test SASL. Preferably cross
platform, so that others can easily test it too.
- Add SASL support in SMTP.  At least <doAuth> and <doEHLO> method in
SMTPHandler.java would need to be changed. Please ask if you need some help.

Harmeet

