Implements the SASL External authentication mechanism.
TIdSASLExternal = class(TIdSASL);
TIdSASLExternal is a TIdSASL descendant that implements the SASL External authentication mechanism, as described in the Internet Standards document:
SASL mechanism names must be registered with the IANA. The current list of registered SASL mechanisms can be located at:
The Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions.
SASL commands require an argument identifying a SASL mechanism. SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores.
In the External SASL authentication mechanism, the client sends an initial response to a server challenge with the authorization identity. The server uses information, external to SASL, to determine whether the client is authorized to authenticate as the authorization identity. If the client is so authorized, the server indicates successful completion of the authentication exchange; otherwise the server indicates failure.
The system providing this external information may be, for example, IPsec or TLS.
If the client sends an empty string as the authorization identity (thus requesting the authorization identity be derived from the client's authentication credentials), the authorization identity is to be derived from authentication credentials which exist in the system which is providing the external authentication.
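The server-side decision described above, as an added Python example (not Indy code and not part of the original documentation). The `may_act_as` policy table, the identity names and the UTF-8 decoding of the client's response are assumptions made for illustration; the mechanism-name check follows the naming rule stated above.

```python
import re

# Naming rule from the text: 1 to 20 characters drawn from
# upper-case letters, digits, hyphens and underscores.
_MECH_NAME = re.compile(r"[A-Z0-9_-]{1,20}")

# Constructed sample policy (hypothetical names): which other identities
# an externally authenticated identity may act as.
SAMPLE_POLICY = {"alice": {"svc-backup"}}


def valid_mechanism_name(name):
    """True if name satisfies the SASL mechanism naming rule."""
    return _MECH_NAME.fullmatch(name) is not None


def external_authorize(external_id, initial_response, may_act_as):
    """Server-side decision for the EXTERNAL mechanism.

    external_id      identity established outside SASL (for example by
                     TLS or IPsec), or None if nobody was authenticated
    initial_response bytes the client sent as the authorization identity
    may_act_as       policy table, external identity -> allowed identities

    Returns the authorization identity on success, None on failure.
    """
    if not external_id:
        # No external credentials exist, so there is nothing to rely on.
        return None
    try:
        requested = initial_response.decode("utf-8")  # assumed encoding
    except UnicodeDecodeError:
        return None
    if requested == "":
        # Empty string: derive the identity from the external credentials.
        return external_id
    if requested == external_id:
        return requested
    if requested in may_act_as.get(external_id, set()):
        return requested
    # The client named an identity its credentials do not entitle it to.
    return None
```

The identity the server acts on always comes from the lower layer plus server policy; the client's response only selects among identities the server already permits.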
TIdSASLExternal extends the ancestor class by implementing the ServiceName and StartAuthenticate methods specified in TIdSASL. TIdSASLExternal also provides the AuthorizationIdentity property that represents the authorization identity required in the authentication mechanism.
During initialization of the component, the SecurityLevel property is set to the value 0 (zero) since the level of privacy or security is dependent on the server.
Copyright © 1993-2006, Chad Z. Hower (aka Kudzu) and the Indy Pit Crew. All rights reserved.