[Standards] Loopback Authentication

Dave Cridland dave at cridland.net
Thu Feb 1 09:13:46 UTC 2007


On Thu Feb  1 02:48:13 2007, Justin Karneges wrote:
> Unfortunately, there is no clean cross-platform solution for this 
> kind of thing.  Depending on how many platforms we'd want loopback 
> authentication to work on, we could end up with 3 or 4 mechanisms.  
> Do we want to make a handful of new SASL mechanisms? (putting 
> loopback auth on the level of SASL) 

No, I think you and Ralph are correct in saying you want to re-use 
SASL EXTERNAL.

Note that a much more portable way of doing it (albeit one that need 
a bit more client support) is to run the XMPP stream over a UNIX 
domain socket, since there's a handful of API calls on most UNIX 
platforms which allow you to extract the calling UID. I know it works 
on BSD and Linux systems.

Windows is, as ever, a bit of a challenge, but I believe that named 
pipes have a similar ability.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list