SRP support for the cyrus-sasl-2.1.26_12 port

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

SRP support for the cyrus-sasl-2.1.26_12 port

Kyle Amon
Hi,

I added support for SRP (including srp-setpass [so saslpasswd2 can
store srp salts and verifiers in the sasl password database too, if
so desired]) to the cyrus-sasl-2.1.26_12 port.  Two small patch files
are attached. Please consider applying them (or something very similar)
so that FreeBSD's cyrus-sasl port can support SRP "out of the box."
SRP is and excellent, secure authentication method, support for it has
long existed in cyrus-sasl, and that support should be easily obtainable
by FreeBSD's users.  Help make the net a more secure place. :)

Best Regards,

--Kyle

P.S.  I'm not on the freebsd-ports mailing list, FYI.

--

  CA +1-778-819-UNIX                  BackWatcher, Inc.
  US +1-425-584-UNIX                  Information Security Solutions
 SIP [hidden email]            www.backwatcher.com

INUM +883-5100-0990-1657  /  ISN UNIX*1917  /  C*NET 1-731-UNIX

GPG ed25519/F57091DBD60FBBB8 [ed25519/D60FBBB8]
    985C 5B61 4ACE C89A 0DEE  ECCD F570 91DB D60F BBB8

    rsa4096/CF001165F36E1CAB [rsa4096/F36E1CAB]
    6050 05B7 9FF1 CC21 3F00  CEBB CF00 1165 F36E 1CAB

OTR E1A46361 9FD0D801 0132D21A FE2E96BE 39E3F069 : [hidden email]
    5AB3E0B8 31F6ADB4 9A7D2FC2 A8235281 5776701E : silcnet


Makefile.patch (1K) Download Attachment
pkg-plist.patch (460 bytes) Download Attachment
attachment2 (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SRP support for the cyrus-sasl-2.1.26_12 port

Hajimu UMEMOTO
Hi,

>>>>> On Tue, 23 Feb 2016 18:25:05 -0800
>>>>> Kyle Amon <[hidden email]> said:

amonk> I added support for SRP (including srp-setpass [so saslpasswd2 can
amonk> store srp salts and verifiers in the sasl password database too, if
amonk> so desired]) to the cyrus-sasl-2.1.26_12 port.  Two small patch files
amonk> are attached. Please consider applying them (or something very similar)
amonk> so that FreeBSD's cyrus-sasl port can support SRP "out of the box."
amonk> SRP is and excellent, secure authentication method, support for it has
amonk> long existed in cyrus-sasl, and that support should be easily obtainable
amonk> by FreeBSD's users.  Help make the net a more secure place. :)

I've committed to add security/cyrus-sasl2-srp.
If we have the SRP and SRP-SETPASS options enabled by default, the SRP
salts and verifiers will be stored to the sasldb as well.
Perhaps, it is not desired by many people.  Therefore, I made the SRP
plugin the separate port.

Sincerely,

--
Hajimu UMEMOTO
[hidden email]  [hidden email]
http://www.mahoroba.org/~ume/
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: SRP support for the cyrus-sasl-2.1.26_12 port

Kyle Amon
Hajimu,

Awesome!  Works for me, but why not just just make the SRP and SRP-SETPASS
options off by default?  I'm quite happy either way.  Just wondering.

Thanks much,

--Kyle

On Wed, 24 Feb 2016 19:48:38 +0900
Thus spake Hajimu UMEMOTO <[hidden email]>:

> Hi,
>
> >>>>> On Tue, 23 Feb 2016 18:25:05 -0800
> >>>>> Kyle Amon <[hidden email]> said:  
>
> amonk> I added support for SRP (including srp-setpass [so saslpasswd2 can
> amonk> store srp salts and verifiers in the sasl password database too, if
> amonk> so desired]) to the cyrus-sasl-2.1.26_12 port.  Two small patch files
> amonk> are attached. Please consider applying them (or something very similar)
> amonk> so that FreeBSD's cyrus-sasl port can support SRP "out of the box."
> amonk> SRP is and excellent, secure authentication method, support for it has
> amonk> long existed in cyrus-sasl, and that support should be easily obtainable
> amonk> by FreeBSD's users.  Help make the net a more secure place. :)  
>
> I've committed to add security/cyrus-sasl2-srp.
> If we have the SRP and SRP-SETPASS options enabled by default, the SRP
> salts and verifiers will be stored to the sasldb as well.
> Perhaps, it is not desired by many people.  Therefore, I made the SRP
> plugin the separate port.
>
> Sincerely,
>
> --
> Hajimu UMEMOTO
> [hidden email]  [hidden email]
> http://www.mahoroba.org/~ume/

--

  CA +1-778-819-UNIX                  BackWatcher, Inc.
  US +1-425-584-UNIX                  Information Security Solutions
 SIP [hidden email]            www.backwatcher.com

INUM +883-5100-0990-1657  /  ISN UNIX*1917  /  C*NET 1-731-UNIX

GPG ed25519/F57091DBD60FBBB8 [ed25519/D60FBBB8]
    985C 5B61 4ACE C89A 0DEE  ECCD F570 91DB D60F BBB8

    rsa4096/CF001165F36E1CAB [rsa4096/F36E1CAB]
    6050 05B7 9FF1 CC21 3F00  CEBB CF00 1165 F36E 1CAB

OTR E1A46361 9FD0D801 0132D21A FE2E96BE 39E3F069 : [hidden email]
    5AB3E0B8 31F6ADB4 9A7D2FC2 A8235281 5776701E : silcnet


attachment0 (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SRP support for the cyrus-sasl-2.1.26_12 port

Hajimu UMEMOTO
Hi,

>>>>> On Wed, 24 Feb 2016 04:13:40 -0800
>>>>> Kyle Amon <[hidden email]> said:

amonk> Awesome!  Works for me, but why not just just make the SRP and SRP-SETPASS
amonk> options off by default?  I'm quite happy either way.  Just wondering.

Because, the feature which is off by default is not available by the
package.  Further, the cyrus-sasl2 port has the separate ports for
some plugins, already.
Didn't you want to support SRP out of the box?  :-)

Sincerely,

--
Hajimu UMEMOTO
[hidden email]  [hidden email]
http://www.mahoroba.org/~ume/
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: SRP support for the cyrus-sasl-2.1.26_12 port

Kyle Amon
On Wed, 24 Feb 2016 23:23:42 +0900
Thus spake Hajimu UMEMOTO <[hidden email]>:

> Hi,
>
> >>>>> On Wed, 24 Feb 2016 04:13:40 -0800
> >>>>> Kyle Amon <[hidden email]> said:  
>
> amonk> Awesome!  Works for me, but why not just just make the SRP and SRP-SETPASS
> amonk> options off by default?  I'm quite happy either way.  Just wondering.  
>
> Because, the feature which is off by default is not available by the
> package.  Further, the cyrus-sasl2 port has the separate ports for
> some plugins, already.
> Didn't you want to support SRP out of the box?  :-)
>
> Sincerely,
>
> --
> Hajimu UMEMOTO
> [hidden email]  [hidden email]
> http://www.mahoroba.org/~ume/
Yeah, man.  Sweet.  Thanks. :)

--Kyle

--

  CA +1-778-819-UNIX                  BackWatcher, Inc.
  US +1-425-584-UNIX                  Information Security Solutions
 SIP [hidden email]            www.backwatcher.com

INUM +883-5100-0990-1657  /  ISN UNIX*1917  /  C*NET 1-731-UNIX

GPG ed25519/F57091DBD60FBBB8 [ed25519/D60FBBB8]
    985C 5B61 4ACE C89A 0DEE  ECCD F570 91DB D60F BBB8

    rsa4096/CF001165F36E1CAB [rsa4096/F36E1CAB]
    6050 05B7 9FF1 CC21 3F00  CEBB CF00 1165 F36E 1CAB

OTR E1A46361 9FD0D801 0132D21A FE2E96BE 39E3F069 : [hidden email]
    5AB3E0B8 31F6ADB4 9A7D2FC2 A8235281 5776701E : silcnet


attachment0 (201 bytes) Download Attachment