Re: [bug-mailutils] mu_authenticate?

From: Sergey Poznyakoff
Subject: Re: [bug-mailutils] mu_authenticate?
Date: Mon, 28 Sep 2009 13:48:12 +0300

Simon Josefsson <address@hidden> wrote:

> SCRAM-SHA-1.  However I cannot login using LOGIN/PLAIN.

Probably, you have not configured the `gsasl' statement in your
configuration file. See its short description in `imap4d --config-help'.

> GSASL_VALIDATE_SIMPLE callback is imap4d/auth_gsasl.c:cb_validate that
> does:
> What is the purpose of the code?  Is the intention that it MUST be run
> for every user regardless of authentication method?

No, of course not. It must be run only in the validation callback.
Its purpose is as follows:

>   auth = mu_get_auth_by_name (*username);

This returns a pointer to a structure containing the information about
this account, or NULL if no such account exists. This function is a MU
counterpart of getpwnam(3). The difference is that it looks the user
up in the MU authorization database, as set by the `auth' statement,
and that the resulting structure contains some more information about
the account.

>   if (auth == NULL)

If there is no such user, report an error.

>   rc = mu_authenticate (auth, pass);

The mu_authenticate function verifies if the password (pass) matches that
stored in the `auth' structure. The authentication mechanism is
configured by the `auth' configuration statement.

>   mu_auth_data_free (auth);

The `auth' structure is freed.


The return from mu_authenticate determines that of the callback.

> Btw, the name of cram-passwd is a bit wrong now that it is also used for
> non-CRAM mechanisms.  I'm not sure it is worthwhile to rename it.

It is definitely worth it. Thanks for pointing that out.

> Btw^2, maybe a cleaner approach is to add a function mu_gsasl_getpass,
> similar to mu_sql_getpass and use that?

Yes, perhaps. I am now thinking about clearer ways to organize the
auth stuff. I'll probably use this idea too.

> I suspect (hope) that mu_authenticate need not be called for all users
> unconditionally, and in that case, the patch below makes LOGIN/PLAIN
> work for passwords stored in cram-passwd and SQL format.

I'll try this. Thank you.

