Gabor Gombas writes:
>
>Note that SASL is a _protocol_ (see rfc2222), not an API. So "SASL has
>no account management" has no meaning. You can add account management
>to applications using SASL, and PAM is an obvious choice for doing that.
>Just call pam_acct_mgmt() after you have authenticated the client with
>SASL (and provide a PAM module that performs the accounting actions you
>need).
Thanks for the clarification. I guess that what I meant was that
Cyrus SASL has no account management. Cyrus SASL is an API that
servers use to perform client authentication with the SASL protocol.
It would thus be reasonable for Cyrus SASL to provide other facilities
related to authentication. This is possible now to a limited extent
if Cyrus SASL uses pwcheck and PAM for authentication, but not if it
uses sasldb. I was looking for a more general solution, and a place
in the Cyrus SASL to insert it.
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
