[sane-standard] sane standard proposals (2) "authentication"

Johannes Berg johannes@sipsolutions.net
Mon, 11 Oct 2004 02:40:52 +0200


2. Authentication to the network daemon

Currently, the standard supports only two ways to authenticate, the
first being with a plain-text password and the second being an MD5 hash
of the password and a challenge.

In an attempt to make the protocol work in many more environments
(theoretically at least) I propose that something like SASL
authentication be added with a new verb, SANE_NET_AUTHORIZE_SASL. SASL
is documented in RFC 2222 [1] and allows many pluggable authentication
mechanisms to be added and developed easily.

I'm not saying that support for many mechanisms should be added to any
SANE server right away, but it would be good to be able to extend
unified login (Kerberos for example) to the SANE protocol.

For SASL negotiation new verbs have to be assigned as well, of course
(one for the response to any SASL message, and one for the
client->server reply), until the server responds that authentication
failed/succeeded. An enumeration function (which mechanisms are
supported) should be provided as well; the current method to
authenticate could be subsumed.

johannes

[1] http://www.faqs.org/rfcs/rfc2222.html

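The negotiation proposed in the message above (mechanism enumeration, then challenge and response messages until the server reports success or failure), as an added sketch that is not part of the original post and not SANE code. The message kinds, the `Server` class, the `saned.example` host name and the sample account are assumptions; CRAM-MD5 (RFC 2195) stands in for "a SASL mechanism" only because it needs nothing beyond the standard library.

```python
import hashlib, hmac, os

# Hypothetical message kinds; the proposal names only SANE_NET_AUTHORIZE_SASL.
MECH_LIST, START, CHALLENGE, RESPONSE, OUTCOME = range(5)

class Server:
    def __init__(self, users, mechs=("CRAM-MD5",)):
        self.users = users          # username -> password (constructed sample data)
        self.mechs = list(mechs)    # what the enumeration function reports
        self.challenge = None       # outstanding challenge, if any

    def handle(self, kind, payload=None):
        if kind == MECH_LIST:
            return MECH_LIST, self.mechs
        if kind == START and payload == "CRAM-MD5" and payload in self.mechs:
            nonce = os.urandom(16).hex().encode()
            self.challenge = b"<" + nonce + b"@saned.example>"
            return CHALLENGE, self.challenge
        if kind == RESPONSE and self.challenge is not None:
            # A challenge is valid for one response only, so replays fail.
            challenge, self.challenge = self.challenge, None
            user, _, digest = payload.partition(b" ")
            pw = self.users.get(user.decode(errors="replace"))
            expected = hmac.new((pw or "").encode(), challenge,
                                hashlib.md5).hexdigest().encode()
            # Constant-time compare; unknown users fail the same way.
            return OUTCOME, pw is not None and hmac.compare_digest(digest, expected)
        return OUTCOME, False

def cram_md5_response(user, password, challenge):
    # RFC 2195: user name, a space, hex HMAC-MD5 keyed with the password.
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return user.encode() + b" " + digest.encode()

def authenticate(server, user, password, client_mechs=("CRAM-MD5",)):
    # 1. Enumerate, 2. pick a common mechanism, 3. loop until an outcome.
    _, offered = server.handle(MECH_LIST)
    mech = next((m for m in client_mechs if m in offered), None)
    if mech is None:
        return False
    kind, data = server.handle(START, mech)
    while kind == CHALLENGE:
        kind, data = server.handle(RESPONSE, cram_md5_response(user, password, data))
    return kind == OUTCOME and data is True
```
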