Module to allow authentication with sasl

[Giuliano Gavazzi <de...@humph.com>]

I read the announcement of mod_sasl_auth. I admit I haven't yet  
examined the question further, but wasn't SASL a no go for  
authentication because of apache threads?
I have been running a mod_authnz_sasl I wrote, for almost eight  
months but never dared to make it public for the above concern...

You can find the code at the svn repo:

http://it.humph.com/versions/public/mod_authnz_sasl/trunk/

There are some clear differences in approach between the two. Good  
that we have chosen different names!

Giuliano

Re: Module to allow authentication with sasl

[Benjamin Donnachie <be...@py-soft.co.uk>]

Giuliano Gavazzi wrote:
> I read the announcement of mod_sasl_auth. I admit I haven't yet examined
> the question further, but wasn't SASL a no go for authentication because
> of apache threads?

That could explain why I couldn't find an existing mod_auth_sasl module!
 However, I'm fairly confident that the code should be thread safe
(Touch wood!) and it seems to be running fine on my server! (Touches
wood again to be on the safe side!).

> I have been running a mod_authnz_sasl I wrote, for almost eight months
> but never dared to make it public for the above concern...

I've had a quick look and I'm a bit confused why you're connecting
directly to the saslauthd socket - if you use the Cyrus-SASL server
library then you can use the option saslauthd_path: in the
/usr/lib/sasl2/SERVICE.conf file.

However, this is my first attempt at writing a Cyrus-SASL program so
there's a good chance that I've missed something.

> There are some clear differences in approach between the two. Good that
> we have chosen different names!

Like mod_auth_imap, the module I "borrowed" most of the code from, mine
just deals with bog standard plain text passwords with no groups.  By
comparison, I think yours even includes the kitchen sink! :-))))

Take care,

Ben

Re: Module to allow authentication with sasl

[Giuliano Gavazzi <de...@humph.com>]

On 11 Jun 2007, at 23:16, Nick Kew wrote:

> Thanks for sharing.  Have you entered it in the register at
> modules.apache.org?

thank you!
Done and done. (the latter being the license)

Giuliano

Re: Module to allow authentication with sasl

[Nick Kew <ni...@webthing.com>]

On Mon, 11 Jun 2007 23:06:14 +0200
Giuliano Gavazzi <de...@humph.com> wrote:

> I read the announcement of mod_sasl_auth. I admit I haven't yet  
> examined the question further, but wasn't SASL a no go for  
> authentication because of apache threads?
> I have been running a mod_authnz_sasl I wrote, for almost eight  
> months but never dared to make it public for the above concern...
> 
> You can find the code at the svn repo:
> 
> http://it.humph.com/versions/public/mod_authnz_sasl/trunk/
> 
> There are some clear differences in approach between the two. Good  
> that we have chosen different names!

Thanks for sharing.  Have you entered it in the register at
modules.apache.org?

One point you might like to consider.  Since you announced it here,
I guess you intend it to be available as open-source.  But nothing
in your code grants people any rights to it, so it's not really
open under the laws of any country that respects international
copyright law.  You might want to add a license: for example,
the Apache license, as included in the apache distribution.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/