Re: Command-line interface

[Darren Oh]

It may be the version I'm using. With gsasl (the version on Debian  
Etch), I get a segmentation fault if 'gsasl -s' is not followed by a  
service name.

What I'm trying to do is write a PHP script that can authenticate  
users without access to their passwords. I need a command-line program  
that can save user passwords during unencrypted authentication and use  
them to validate digest credentials during encrypted authentication.

On Oct 1, 2008, at 7:56 AM, Simon Josefsson wrote:

> Darren Oh <address@hidden> writes:
>
> > I have been trying to use the command line interface. So far, I have
> > not been successful. There seem to be no examples of how to use the
> > server option, or of what to expect.
> >
> > gsasl -s www -m DIGEST-MD5
> >
> > returns "Name or service not known."
> >
> > gsasl -s localhost
> >
> > returns "Connection refused." I have no idea what the command is
> > expecting or what these messages mean.
>
> What are you trying to do?  The server mode only works on stdin/ 
> stdout,
> it cannot listen to a port.
>
> You can use 'gsasl -s' in one terminal and 'gsasl -c' in another to
> debug connections, like the trace below.  You need to cut'n'paste the
> base64 blobs between windows as needed.
>
> Extending the command line client so that it can listen on a port and
> act as a SMTP/IMAP/etc server would be a cool addition.
>
> I hope this helps,
> /Simon
>
> address@hidden:~$ gsasl -s -m DIGEST-MD5 -d
> Using mechanism:
> DIGEST-MD5
> Enter realm of server (optional): realm
> Output from server:
> cmVhbG09InJlYWxtIiwgbm9uY2U9IkJZK1hKV3B0b2c1OW5YMUppd21WZWc9PSIsIHFvcD0iYXV0aCwgYXV0aC1pbnQiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M 
> =
> Enter base64 authentication data from client (press RET if none):
> dXNlcm5hbWU9ImphcyIsIHJlYWxtPSJyZWFsbSIsIG5vbmNlPSJCWStYSldwdG9nNTluWDFKaXdtVmVnPT0iLCBjbm9uY2U9ImJKd0JNZWZEV1RJUDRKKzFIaEZTS1E9PSIsIG5jPTAwMDAwMDAxLCBxb3A9YXV0aCwgZGlnZXN0LXVyaT0iaW1hcC9ob3N0bmFtZSIsIHJlc3BvbnNlPTZkNzM4OThkNjVlZmI5YmRiYTliNDkzMTI5NTIyYWVhLCBjaGFyc2V0PXV0Zi04
> Enter password:
> Output from server:
> cnNwYXV0aD0zMWNjMDQ0ZmEyMmQwOWQ5ZDU5YjEyNzIwODRiZTVkNQ==
> Enter base64 authentication data from client (press RET if none):
>
> Output from server:
>
> Server authentication finished (client trusted)...
> Session finished...
> address@hidden:~$
>
> address@hidden:~$ gsasl -c -m DIGEST-MD5 -d
> Using mechanism:
> DIGEST-MD5
> Output from client:
>
> Enter base64 authentication data from server (press RET if none):
> cmVhbG09InJlYWxtIiwgbm9uY2U9IkJZK1hKV3B0b2c1OW5YMUppd21WZWc9PSIsIHFvcD0iYXV0aCwgYXV0aC1pbnQiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M 
> =
> Enter GSSAPI service name (e.g. "imap"): imap
> Enter hostname of server: hostname
> Using system username `jas' as authentication identity.
> Enter realm of server (optional): realm
> Enter password:
> Output from client:
> dXNlcm5hbWU9ImphcyIsIHJlYWxtPSJyZWFsbSIsIG5vbmNlPSJCWStYSldwdG9nNTluWDFKaXdtVmVnPT0iLCBjbm9uY2U9ImJKd0JNZWZEV1RJUDRKKzFIaEZTS1E9PSIsIG5jPTAwMDAwMDAxLCBxb3A9YXV0aCwgZGlnZXN0LXVyaT0iaW1hcC9ob3N0bmFtZSIsIHJlc3BvbnNlPTZkNzM4OThkNjVlZmI5YmRiYTliNDkzMTI5NTIyYWVhLCBjaGFyc2V0PXV0Zi04
> Enter base64 authentication data from server (press RET if none):
> cnNwYXV0aD0zMWNjMDQ0ZmEyMmQwOWQ5ZDU5YjEyNzIwODRiZTVkNQ==
> Output from client:
>
> Client authentication finished (server trusted)...
> Session finished...
> address@hidden:~$