sasl_client_new(21 June 2001) sasl_client_new(21 June 2001)
NAMEsasl_client_new - Create a new client authentication
object
SYNOPSIS
#include <sasl/sasl.h>
int sasl_client_new(const char *service,
const char *serverFQDN,
const char *iplocalport,
const char *ipremoteport,
const sasl_callback_t *prompt_supp,
unsigned secflags,
sasl_conn_t ** pconn);
DESCRIPTIONsasl_client_new() creates a new SASL context. This context
will be used for all SASL calls for one connection. It
handles both authentication and integrity/encyption layers
after authentication.
service is the registered name of the service (usually the
protocol name) using SASL (e.g. "imap").
serverFQDN is the fully qualified domain name of the
server (e.g. "serverhost.cmu.edu").
iplocalport is the IP and port of the local side of the
connection, or NULL. If iplocalport is NULL it will dis-
able mechanisms that require IP address information. This
strings must be in one of the following formats:
"a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6), or
"e:f:g:h:i:j:a.b.c.d;port" (IPv6)
ipremoteport is the IP and port of the remote side of the
connection, or NULL (see iplocalport)
prompt_supp is a list of client interactions supported
that is unique to this connection. If this parameter is
NULL the global callbacks (specified in sasl_client_init)
will be used. See sasl_callback for more information.
secflags are security flags (see below)
pconn is the conection context allocated by the library.
This structure will be used for all future SASL calls for
this connection.
Security Flags
Security flags that may be passed to sasl_server_new()
include
SASL_SEC_NOPLAINTEXT
Don't permit mechanisms susceptible to simple pas-
sive attack (e.g., PLAIN, LOGIN)
SASL_SEC_NOACTIVE
Protection from active (non-dictionary) attacks
during authentication exchange. Authenticates
server.
SASL_SEC_NODICTIONARY
Don't permit mechanisms susceptible to passive
dictionary attack
SASL_SEC_FORWARD_SECURITY
Require forward secrecy between sessions. (break-
ing one won't help break next)
SASL_SEC_NOANONYMOUS
Don't permit mechanisms that allow anonymous login
SASL_SEC_PASS_CREDENTIALS
Require mechanisms which pass client credentials,
and allow mechanisms which can pass credentials to
do so.
SASL_SEC_MAXIMUM
All of the above.
RETURN VALUEsasl_client_new returns an integer which corresponds to
one of the following codes. SASL_OK is the only one that
indicates success. All others indicate errors and should
either be handled or the authentication session should be
quit.
ERRORS
SASL_OK Success
SASL_BADPARAM
Error in config file or passed parameters
SASL_NOMECH
No mechanism meets requested properties
SASL_NOMEM
Not enough memory to complete operation
CONFORMING TO
RFC 2222
SEE ALSOsasl(3), sasl_client_init(3), sasl_client_start(3),
sasl_client_step(3), sasl_setprop(3)SASL man pages SASL sasl_client_new(21 June 2001)