Re: Command-line interface

[Simon Josefsson]

Darren Oh <address@hidden> writes:

> It may be the version I'm using. With gsasl (the version on Debian
> Etch), I get a segmentation fault if 'gsasl -s' is not followed by a
> service name.

I cannot reproduce this with the version in Debian soon-to-be lenny, so
I suppose it is a bug that has been fixed.

> What I'm trying to do is write a PHP script that can authenticate
> users without access to their passwords. I need a command-line program
> that can save user passwords during unencrypted authentication and use
> them to validate digest credentials during encrypted authentication.

For DIGEST-MD5?  Then you'll need an additional patch posted on this
mailing list earlier (but pending copyright assignments) to make it
support a callback to query for hashed passwords.  The command line tool
doesn't support that callback either, so that would have to be added.

Possibly the copyright assignment has arrived now, I'll take a look.

/Simon

> On Oct 1, 2008, at 7:56 AM, Simon Josefsson wrote:
>
>> Darren Oh <address@hidden> writes:
>>
>>> I have been trying to use the command line interface. So far, I have
>>> not been successful. There seem to be no examples of how to use the
>>> server option, or of what to expect.
>>>
>>> gsasl -s www -m DIGEST-MD5
>>>
>>> returns "Name or service not known."
>>>
>>> gsasl -s localhost
>>>
>>> returns "Connection refused." I have no idea what the command is
>>> expecting or what these messages mean.
>>
>> What are you trying to do?  The server mode only works on stdin/
>> stdout,
>> it cannot listen to a port.
>>
>> You can use 'gsasl -s' in one terminal and 'gsasl -c' in another to
>> debug connections, like the trace below.  You need to cut'n'paste the
>> base64 blobs between windows as needed.
>>
>> Extending the command line client so that it can listen on a port and
>> act as a SMTP/IMAP/etc server would be a cool addition.
>>
>> I hope this helps,
>> /Simon
>>
>> address@hidden:~$ gsasl -s -m DIGEST-MD5 -d
>> Using mechanism:
>> DIGEST-MD5
>> Enter realm of server (optional): realm
>> Output from server:
>> cmVhbG09InJlYWxtIiwgbm9uY2U9IkJZK1hKV3B0b2c1OW5YMUppd21WZWc9PSIsIHFvcD0iYXV0aCwgYXV0aC1pbnQiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M
>> =
>> Enter base64 authentication data from client (press RET if none):
>> dXNlcm5hbWU9ImphcyIsIHJlYWxtPSJyZWFsbSIsIG5vbmNlPSJCWStYSldwdG9nNTluWDFKaXdtVmVnPT0iLCBjbm9uY2U9ImJKd0JNZWZEV1RJUDRKKzFIaEZTS1E9PSIsIG5jPTAwMDAwMDAxLCBxb3A9YXV0aCwgZGlnZXN0LXVyaT0iaW1hcC9ob3N0bmFtZSIsIHJlc3BvbnNlPTZkNzM4OThkNjVlZmI5YmRiYTliNDkzMTI5NTIyYWVhLCBjaGFyc2V0PXV0Zi04
>> Enter password:
>> Output from server:
>> cnNwYXV0aD0zMWNjMDQ0ZmEyMmQwOWQ5ZDU5YjEyNzIwODRiZTVkNQ==
>> Enter base64 authentication data from client (press RET if none):
>>
>> Output from server:
>>
>> Server authentication finished (client trusted)...
>> Session finished...
>> address@hidden:~$
>>
>> address@hidden:~$ gsasl -c -m DIGEST-MD5 -d
>> Using mechanism:
>> DIGEST-MD5
>> Output from client:
>>
>> Enter base64 authentication data from server (press RET if none):
>> cmVhbG09InJlYWxtIiwgbm9uY2U9IkJZK1hKV3B0b2c1OW5YMUppd21WZWc9PSIsIHFvcD0iYXV0aCwgYXV0aC1pbnQiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M
>> =
>> Enter GSSAPI service name (e.g. "imap"): imap
>> Enter hostname of server: hostname
>> Using system username `jas' as authentication identity.
>> Enter realm of server (optional): realm
>> Enter password:
>> Output from client:
>> dXNlcm5hbWU9ImphcyIsIHJlYWxtPSJyZWFsbSIsIG5vbmNlPSJCWStYSldwdG9nNTluWDFKaXdtVmVnPT0iLCBjbm9uY2U9ImJKd0JNZWZEV1RJUDRKKzFIaEZTS1E9PSIsIG5jPTAwMDAwMDAxLCBxb3A9YXV0aCwgZGlnZXN0LXVyaT0iaW1hcC9ob3N0bmFtZSIsIHJlc3BvbnNlPTZkNzM4OThkNjVlZmI5YmRiYTliNDkzMTI5NTIyYWVhLCBjaGFyc2V0PXV0Zi04
>> Enter base64 authentication data from server (press RET if none):
>> cnNwYXV0aD0zMWNjMDQ0ZmEyMmQwOWQ5ZDU5YjEyNzIwODRiZTVkNQ==
>> Output from client:
>>
>> Client authentication finished (server trusted)...
>> Session finished...
>> address@hidden:~$