In SASL authentication, are the messages between a particular client and server the same every time

Posted by karenc on Server Fault See other posts from Server Fault or by karenc
Published on 2010-01-22T21:59:53Z Indexed on 2010/04/02 16:03 UTC
Read the original article Hit count: 509

Filed under:

authentication

|

sasl

|

kerberos

I wrote a test client and server using the Cyrus SASL library, and I'm manually forcing it to select GSSAPI as the mechanism. While debugging, I printed the md5sum of each message as it was passed between the two. I noticed that the sequence seems to be the same every time I connect. That is, if the message sequence on the first negotiation was clientMessage1, serverResponse1, clientMessage2, etc... to successful authentication, if I then restart my client, the same clientMessage1, serverResponse2, clientMessage2,etc... sequence is repeated.

It seems to me like it would be a security concern. Is this the correct behavior and if so, should I be wrapping these communications in TLS or something?

© Server Fault or respective owner

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More

Related posts about sasl

cyrus-sasl-lib issue on CentOS 5.3 (while installing GUI)

as seen on Server Fault - Search for 'Server Fault'
I am attempting to install gnome on a CentOS 5.3 Server install so that I can speed up the process that I am working on. I ran a yum groupinstall for the x window system and gnome but I keep getting the following error. Package cyrus-sasl-plain needs cyrus-sasl-lib = 2.1.22-4, this is not available… >>> More
Postfix (SASL) / MySQL: Use MD5 Encryption?

as seen on Server Fault - Search for 'Server Fault'
Is it possible to use MD5 password encryption to encrypt passwords when using Postfix / SASL and MySQL? Currently, my setup is using the MySQL CRYPT() function, which for various reasons isn't ideal. >>> More
In SASL authentication, are the messages between a particular client and server the same every time

as seen on Server Fault - Search for 'Server Fault'
I wrote a test client and server using the Cyrus SASL library, and I'm manually forcing it to select GSSAPI as the mechanism. While debugging, I printed the md5sum of each message as it was passed between the two. I noticed that the sequence seems to be the same every time I connect. That is, if the… >>> More
What is SASL/GSSAPI?

as seen on Server Fault - Search for 'Server Fault'
Numerous times i have met the expression SASL/GSSAPI. I have searched Google many times, but i simply do no understand what it is and how it relate to Kerberos. Anybody that have a simple explanation on this? >>> More
PHP SASL(PECL) sasl_server_init(app) works with CLI but not with ApacheModule

as seen on Stack Overflow - Search for 'Stack Overflow'
I have written a simple auth script so that Webusers can type in their username and password and my PHP script verifies them by SASL. The SASL Library is initialized by php function sasl_server_init("phpfoo"). So phpfoo.conf in /etc/sasl2/ is used. phpfoo.conf: pwcheck_method: saslauthd mech_list:… >>> More