[standards-jig] Advanced authentication

Iain Shigeoka iainshigeoka at yahoo.com
Mon May 6 19:00:56 UTC 2002

On 5/6/02 7:38 AM, "jsiegle at psu.edu" <jsiegle at psu.edu> wrote:

> On Mon, 6 May 2002, Robert Norris wrote:
>>>> So, where do we go from here? I still don't have a problem with AAF as
>>>> it stands; I don't see any fundamental flaws in it. Should we be doing
>>>> SASL, even though it down essentially the same job, or just continue
>>>> refining AAF?
>>> I still think that if there is a way to do it, sticking with SASL is best.
>>> I'd be looking for an absolutely must have feature or order of magnitude
>>> improvement in order to justify rolling your own system.  Of course, I seem
>>> to be in the minority on this view in the Jabber community so you can also
>>> take my comment as a single vote and not any group thought.  :)  Many Jabber
>>> enthusiasts definitely like rolling their own solutions.
>> As I've said, I think the requirements stipulated by SASL are not well
>> suited to Jabber, and that AAF does essentially the same job anyway. It
>> would take some contortions and hoop jumping to make SASL fit with
>> Jabber, effort that I'm not sure is required. It is still possible to
>> build any SASL mechanism on top of AAF.
>> What do others think? I'd like more than two opinions before I take this
>> any further. Or should I take the relative silence about this to mean
>> that more complex authentication is not really a need for people?
> I have been using dce(uses kerb5) for jabber authentication. I
> tried pushing kerberos here many months ago but was pretty much told off
> and decided to stop pushing the matter. I wrote a mod_auth_kerberos
> module when I was looking at kerberos auth. It uses
> user-user(mkreq/rdreq) for the auth. I haven't looked at SASL yet.
> My code is kind of ugly but if I can find it I can throw it your way(if
> you are interested).

SASL has a kerberos profile so it would be supported out of the box.


More information about the Standards mailing list