[standards-jig] Advanced authentication
jsiegle at psu.edu
jsiegle at psu.edu
Mon May 6 14:38:08 UTC 2002
On Mon, 6 May 2002, Robert Norris wrote:
> > > So, where do we go from here? I still don't have a problem with AAF as
> > > it stands; I don't see any fundamental flaws in it. Should we be doing
> > > SASL, even though it down essentially the same job, or just continue
> > > refining AAF?
> > I still think that if there is a way to do it, sticking with SASL is best.
> > I'd be looking for an absolutely must have feature or order of magnitude
> > improvement in order to justify rolling your own system. Of course, I seem
> > to be in the minority on this view in the Jabber community so you can also
> > take my comment as a single vote and not any group thought. :) Many Jabber
> > enthusiasts definitely like rolling their own solutions.
> As I've said, I think the requirements stipulated by SASL are not well
> suited to Jabber, and that AAF does essentially the same job anyway. It
> would take some contortions and hoop jumping to make SASL fit with
> Jabber, effort that I'm not sure is required. It is still possible to
> build any SASL mechanism on top of AAF.
> What do others think? I'd like more than two opinions before I take this
> any further. Or should I take the relative silence about this to mean
> that more complex authentication is not really a need for people?
I have been using dce(uses kerb5) for jabber authentication. I
tried pushing kerberos here many months ago but was pretty much told off
and decided to stop pushing the matter. I wrote a mod_auth_kerberos
module when I was looking at kerberos auth. It uses
user-user(mkreq/rdreq) for the auth. I haven't looked at SASL yet.
My code is kind of ugly but if I can find it I can throw it your way(if
you are interested).
> Robert Norris GPG: 1024D/FC18E6C2
> Email+Jabber: rob at cataclysm.cx Web: http://cataclysm.cx/
Jonathan Siegle Center for Academic Computing
jsiegle at psu.edu Penn State University
More information about the Standards