Date: Sun, 15 Aug 1999 15:55:20 -0700 (PDT)
From: Kris Kennaway
To: Dave Walton
Cc: nsayer@freebsd.org, freebsd-hackers@freebsd.org
Subject: SRP (Was: Re: Whither makefiles for src/crypto/telnet/* ?)

On Sun, 15 Aug 1999, Kris Kennaway wrote:

> The only issue which (to my knowledge) has never been addressed anywhere
> is the authentication protocol exchange between client and server and a
> formalized API (PAM doesn't do this: it communicates between a server and
> arbitrary backend, among other things, but doesn't specify the
> client/server interaction). Ideally, things like SRP, SRA, CHAP, PAP, etc,
> should be available as plugins to client/server apps, so we don't have to
> make separate patches to telnet/telnetd, ftp/ftpd, etc, for all of the
> authentication protocols-of-the-day. This would make a good RFC if one
> does not already exist.

RFC 2222, Simple Authentication and Security Layer (SASL) seems to cover this from my initial skimming. This would be the way to go for both SRP and SRA, IMO. There may already be RFCs describing the integration of telnet with SASL (although I couldn't find any). SASL doesn't specify the API as far as I can tell.

We should look for existing efforts and try and standardize.

Kris