Password-based Authentication Protocol

There was a large increase in activity on password-based SASL authentication mechanism in the Prague IETF, with three new proposals. Unfortunately, I was travelling over the I-D cutoff, so my document didn’t make it. However, I’ve now finished a -00 document for it. The goal was initially to just specify a GSS-API mechanism, but it seemed easier to specify a framework-agnostic protocol (with some influences from GSS-API and SASL) and then specify the mapping to GSS-API and SASL.

Announcing krb5dissect

Building on my earlier efforts to document the ccache format, I’ve now created the krb5dissect tool. It will parse your Kerberos ccache file (typically /tmp/krb5cc_$UID) and prints it in a human readable format.

This tool was written in about 1 hour, given the amazing amount of nice modules available from gnulib, and helpful tools such as gengetopt and help2man. Kudos!

Update! Version 2.0 can do the same for Kerberos keytab files (typically /etc/krb5.keytab).


I have been experimenting with git lately, and one of the results were a replacement for the old ‘cvsco’ tool that I’m highly addicted to.

# gitco - cruel checkout. Discards everything
# that has not been committed, and checkout
# missing files.
# Written by Simon Josefsson. Licensed under
# GPLv2 or later. Contributions by Yann Dirson.
git clean -d -x
cg status -w
git reset --hard

LibIDN 0.6.11

Today I released a new version of LibIDN. No major changes, although Alexander Gnauck contributed an update of his C# port.

I’m feeling somewhat saddened how far the IDNAbis proposals are going without any attempts to work with the SASLPrep community. I predict that SASLPrep2 will be a fork of StringPrep1, rather than a profile of StringPrep2.

Update! It seems is down, which seems to affect uploads to The normal distribution URLs go to a directory checked out from CVS, but I’ve manually made sure the directory contain the latest release even though CVS checkouts doesn’t work.