[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS
From: |
Rick van Rein |
Subject: |
Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS |
Date: |
Tue, 15 Aug 2017 13:41:36 +0200 |
User-agent: |
Postbox 3.0.11 (Macintosh/20140602) |
Hello,
Dare I ask if there are plans to support GS2-KRB5-PLUS and
SCRAM-SHA-256[-PLUS] in GNU SASL?
Reason 1 for asking is that I heard mentioning that Cyrus SASL is having
its support withdrawn, so a lively and complete alternative is
attractive to have.
Reason 2 for asking is that I am drafting a few extended uses for SASL,
and am looking for software that could be plugged together in a first
implementation,
https://datatracker.ietf.org/doc/draft-vanrein-eap-sasl/
https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/
We believe these two ingredients can help to simplify the administration
of authentication infrastructure, such as this example describing how
Nginx would benefit:
http://internetwide.org/blog/2017/07/18/nginx-multi-front.html
One reason for being interested in SCRAM-SHA-256 is that it has been
incorporated into HTTP (without going through SASL) and it should be
quite pleasant for a frontend to pass such older mechanisms to a backend
over SASL, along with HTTP SASL authentication attempts.
Needless to say, feedback on the drafts is most welcome on the
draft-specific email addresses.
On a sidenote, I am thrilled that work is also being done on RFC 6595,
carrying SAML 2.0 over SASL.
Thanks!
-Rick
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS,
Rick van Rein <=