Re: About libgsasl server capabilities

[Simon Josefsson]

David Marín Carreño <address@hidden> writes:

> Hi all.
>
> I'm programming a framework for quick development of enterprise
> applications for my CS final degree project.
>
> I've chosen to use SASL for getting a modular advanced authentication.
>
> My question is about the status of libgsasl for programming servers that
> support SASL.
>
> As I haven't been able to find any server example, I don't know if it is
> ready for programming servers (the Changelog says that in November 2004
> a lot of client functions were migrated to a new API, but server mode
> wasn't ported).
>
> I could offer some help if it is needed.

Hi David, thanks for your interest and offer to help.  GNU SASL should
work fine in server mode.  The support is complete as far as I know.

You can look at GNU MailUtils which is using GNU SASL in server mode
for IMAP.  However, it is still using the old API, so perhaps it is
not a good example.

There are no server-side examples in the distribution, but the tool
"gsasl" can act as a server on stdin/stdout.  The "gsasl" code is
larger than the small examples, but shouldn't be too difficult to
read.  Unlike GNU MailUtils, it use the new API.  I will try to add
server examples, but your help here would be appreciated.

Programming wise, writing a server is similar to writing a client.
The differences are that you call gsasl_server_start instead of
gsasl_client_start, you let the client pick the mechanism, and that
your callback function implement some other callbacks.  Which
callbacks need to be implemented differ between mechanism, and which
callbacks are needed for each mechanism is described in the manual.

Hope this helps,
Simon