On Thu, Sep 23, 2010 at 09:09:39PM +0100, Simon Wilkinson wrote:
> On 23 Sep 2010, at 20:13, Josh Howlett wrote:
>
> >> but perhaps now 6 years later I
> >> could get folks interested in it (e.g., things like SAML are much more
> >> widely deployed than they were back then).
> >
> > Well, I have to admit that I'm very vague about the specifics of
> > XMPP. However, I understand that it supports SASL and so, through
> > GS2, it might get Moonshot. I'm curious about the interactions
> > between GS2 and GSS naming extensions (which is the interface that
> > applications use to obtain attributes in Moonshot). Any SASL experts
> > care to comment?
>
> Virtually all of the GSSAPI SASL support in XMPP clients and servers
> is for "GSSAPI", not GS2. So it's all Kerberos only. Getting access to
> GSS naming extensions from the SASL layer is also interesting, as it's
> a bit of an abstraction layer violation trying to fiddle with them.
> Cyrus, certainly, tries to present all of its mechanisms with a
> uniform API.
Cyrus SASL has a getprop/setprop facility that applies to sasl_conn_t's.
|