Search Results for “gsasl” – Simon Josefsson's blog

Towards pluggable GSS-API modules

Posted on 2022-07-14 by simon — No Comments ↓

GSS-API is a standardized framework that is used by applications to, primarily, support Kerberos V5 authentication. GSS-API is standardized by IETF and supported by protocols like SSH, SMTP, IMAP and HTTP, and implemented by software projects such as OpenSSH, Exim, Continue reading Towards pluggable GSS-API modules→

What’s wrong with SCRAM?

Posted on 2021-06-08 by simon — No Comments ↓

Simple Authentication and Security Layer (SASL, RFC4422) is the framework that was abstracted from the IMAP and POP protocols. Among the most popular mechanisms are PLAIN (clear-text passwords, usually under TLS), CRAM-MD5 (RFC2195), and GSSAPI (for Kerberos V5). The DIGEST-MD5 Continue reading What’s wrong with SCRAM?→

On Password Hashing and RFC 6070

Posted on 2011-01-07 by simon — 3 Comments ↓

The RFC Editor has announced a new document, RFC 6070, with test vectors for PKCS5 PBKDF2. The document grow out of my implementation of SCRAM for GNU SASL. During interop testing, more than one other implementation turned out to have Continue reading On Password Hashing and RFC 6070→

GNU SASL with SCRAM-SHA-1-PLUS

Posted on 2010-11-17 by simon — 3 Comments ↓

I have finished the SCRAM implementation in GNU SASL. The remaining feature to be added were support for the “enhanced” SCRAM-SHA-1-PLUS variant instead of just the normal SCRAM-SHA-1 mechanism. The difference is that the latter supports channel bindings to TLS, Continue reading GNU SASL with SCRAM-SHA-1-PLUS→

GS2-KRB5 using GNU SASL and MIT Kerberos for Windows

Posted on 2010-09-27 by simon — No Comments ↓

I have blogged about GNU SASL and GS2-KRB5 with the native Kerberos on Mac OS X before, so the next logical step has been to support GS2-KRB5 on Windows through MIT Kerberos for Windows (KfW). With the latest release of Continue reading GS2-KRB5 using GNU SASL and MIT Kerberos for Windows→

Bridging SASL and GSS-API: GS2

Posted on 2010-07-13 by simon — No Comments ↓

Yesterday (12th July 2010) the RFC editor announced the publication of RFC 5801, which I’m co-author of. The GS2 document has taken 5 years to reach this status, see my page on GS2 status. So what is GS2?

GS2-KRB5 in GNU SASL 1.5.0

Posted on 2010-03-31 by simon — 3 Comments ↓

I have worked in the IETF on the specification for the next generation GSSAPI-to-SASL bridge called GS2 (see my status page for background) for a couple of years now. The specification is (finally!) in the RFC editor’s queue, and is Continue reading GS2-KRB5 in GNU SASL 1.5.0→

Thread Safe Functions

Posted on 2009-06-23 by simon — 1 Comment ↓

I have read Russel Coker’s nice article on identifying use of thread unsafe functions. This reminded me of a script I wrote a long time ago that is part of GNU SASL‘s regression suite: threadsafety. As you can see, my Continue reading Thread Safe Functions→

Building GnuTLS and GNU SASL without running ./configure

Posted on 2007-08-21 by simon — No Comments ↓

Sometimes it can be useful to build things without the autoconf ./configure machinery, and just use a simple and hand-maintained makefile and config.h. This is needed to build things in older uClinux environments. I wrote some instructions on how to Continue reading Building GnuTLS and GNU SASL without running ./configure→

Porting to uClinux

Posted on 2007-06-07 by simon — 1 Comment ↓

Building software for embedded systems is quite simple today. A returning customer asked me to clarify how to build gsasl and gnutls under uClinux, and I finally created a web page collecting the instructions and patch. http://josefsson.org/uclinux/