I'd really appreciate feedback on this - what have I missed, do I have anything just plain wrong, etc. I've left out some things - like the 'shadow' mechanism of saslauthd - that seem best solved using other methods (getpwent in that case). Also left out are the specific-vendor mechanisms like saslauthd's dce and sia methods.
Craig, this is a good start, but as Rob said, you've left out the mechanism layer.
PLAIN, LOGIN and libSASL (for handling plaintext auth commands like IMAP LOGIN, POP3 USER/PASS) can use both saslauthd and auxprop. EXTERNAL, KERBEROS_V4 and GSSAPI don't use either, as they have there own infrastructure. All the other mechs can only use auxprop. NTLM can also proxy the auth to an actual NT/Win2K/Samba server.
There are currently three auxprop plugins: sasldb, SQL, LDAP
Hope this helps.
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
