qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aidan Skinner" <ai...@apache.org>
Subject Re: SASL (was Re: Random .Net question)
Date Thu, 05 Jun 2008 14:03:31 GMT
On Thu, Jun 5, 2008 at 2:47 PM, Gordon Sim <gsim@redhat.com> wrote:

> Aidan Skinner wrote:
>>
>> I believe it does, although this bug/difference of interpretation
>> wouldn't manifest itself for any sane password (it only happens with
>> certain high characters). I've had a look through the SASL source and
>> it doesn't seem to do anything funky with the password inside itself.
>> What do you read the password in as?
>
> Its read in as essentially binary data into a std::string then passed to
> cyrus via a c-string.

Ah, so you don't do any of the funky charset conversion that's going
on elsewhere then? That may be an issue to watch out for when you try
to interop Java to C++, although it will likely only affect certain
passwords if it is a problem at all.

>> As an aside, do you support hashed password files?
>
> All support for authentication currently comes from what cyrus provides.
> Theres a config file in cpp/etc/sasl2 that authenticates against a db (an
> example of which, containing guest user, is created during the dist build).
>
> Passwords are stored in the clear in the db though. Cyrus can also be setup
> to authenticate against the hosts userbase, ldap etc. I'm not _aware_ of any
> option to authenticate an application specific hashed password file, but
> that doesn't mean its not there (it could be built as a cyrus module if
> needed).

Gotcha, just wondered. This all blew up because of the java brokers
slightly odd strategy for not storing passwords in plaintext on disk.

Thanks!

- Aidan
-- 
aim/y!:aidans42 g:aidan.skinner@gmail.com
http://aidan.skinner.me.uk/
"We belong to nobody and nobody belongs to us. We don't even belong to
each other."

Mime
View raw message