Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS

help-gsasl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS

From:	Rick van Rein
Subject:	Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS
Date:	Tue, 15 Aug 2017 13:41:36 +0200
User-agent:	Postbox 3.0.11 (Macintosh/20140602)

Hello,

Dare I ask if there are plans to support GS2-KRB5-PLUS and
SCRAM-SHA-256[-PLUS] in GNU SASL?


Reason 1 for asking is that I heard mentioning that Cyrus SASL is having
its support withdrawn, so a lively and complete alternative is
attractive to have.


Reason 2 for asking is that I am drafting a few extended uses for SASL,
and am looking for software that could be plugged together in a first
implementation,

https://datatracker.ietf.org/doc/draft-vanrein-eap-sasl/
https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/

We believe these two ingredients can help to simplify the administration
of authentication infrastructure, such as this example describing how
Nginx would benefit:

http://internetwide.org/blog/2017/07/18/nginx-multi-front.html

One reason for being interested in SCRAM-SHA-256 is that it has been
incorporated into HTTP (without going through SASL) and it should be
quite pleasant for a frontend to pass such older mechanisms to a backend
over SASL, along with HTTP SASL authentication attempts.


Needless to say, feedback on the drafts is most welcome on the
draft-specific email addresses.


On a sidenote, I am thrilled that work is also being done on RFC 6595,
carrying SAML 2.0 over SASL.


Thanks!
 -Rick

[Prev in Thread]

Current Thread

[Next in Thread]

Support for mechanisms: SCRAM-SHA-256[-PLUS] and GS2-KRB5-PLUS, Rick van Rein <=

Index(es):
- Date
- Thread