sasl_client_new

sasl_client_new(21 June 2001)                    sasl_client_new(21 June 2001)



NAME
       sasl_client_new - Create a new client authentication object



SYNOPSIS
       #include <sasl/sasl.h>

       int sasl_client_new(const char *service,
                       const char *serverFQDN,
                       const char *iplocalport,
                       const char *ipremoteport,
                       const sasl_callback_t *prompt_supp,
                       unsigned secflags,
                       sasl_conn_t ** pconn);


DESCRIPTION
       sasl_client_new() creates a new SASL context. This context will be used
       for all SASL calls for one connection. It handles  both  authentication
       and integrity/encyption layers after authentication.

       service  is  the  registered  name of the service (usually the protocol
       name) using SASL (e.g. "imap").

       serverFQDN is the fully qualified  domain  name  of  the  server  (e.g.
       "serverhost.cmu.edu").

       iplocalport  is the IP and port of the local side of the connection, or
       NULL.  If iplocalport is NULL it will disable mechanisms  that  require
       IP  address  information.  This strings must be in one of the following
       formats:  "a.b.c.d;port"  (IPv4),  "e:f:g:h:i:j:k:l;port"  (IPv6),   or
       "e:f:g:h:i:j:a.b.c.d;port" (IPv6)

       ipremoteport  is  the IP and port of the remote side of the connection,
       or NULL (see iplocalport)

       prompt_supp is a list of client interactions supported that  is  unique
       to  this  connection.  If  this  parameter is NULL the global callbacks
       (specified in sasl_client_init) will be  used.  See  sasl_callback  for
       more information.

       secflags are security flags (see below)

       pconn is the conection context allocated by the library. This structure
       will be used for all future SASL calls for this connection.

       Security Flags

       Security flags that may be passed to sasl_server_new() include

       SASL_SEC_NOPLAINTEXT
               Don't permit mechanisms susceptible to  simple  passive  attack
               (e.g., PLAIN, LOGIN)

       SASL_SEC_NOACTIVE
               Protection  from active (non-dictionary) attacks during authen-
               tication exchange. Authenticates server.

       SASL_SEC_NODICTIONARY
               Don't  permit  mechanisms  susceptible  to  passive  dictionary
               attack

       SASL_SEC_FORWARD_SECURITY
               Require  forward  secrecy between sessions. (breaking one won't
               help break next)

       SASL_SEC_NOANONYMOUS
               Don't permit mechanisms that allow anonymous login

       SASL_SEC_PASS_CREDENTIALS
               Require mechanisms which pass  client  credentials,  and  allow
               mechanisms which can pass credentials to do so.

       SASL_SEC_MAXIMUM
               All of the above.


RETURN VALUE
       sasl_client_new returns an integer which corresponds to one of the fol-
       lowing codes. SASL_OK is the only one that indicates success. All  oth-
       ers  indicate errors and should either be handled or the authentication
       session should be quit.


ERRORS
       SASL_OK Success

       SASL_BADPARAM
               Error in config file or passed parameters

       SASL_NOMECH
               No mechanism meets requested properties

       SASL_NOMEM
               Not enough memory to complete operation


CONFORMING TO
       RFC 2222

SEE ALSO
       sasl(3),           sasl_client_init(3),           sasl_client_start(3),
       sasl_client_step(3), sasl_setprop(3)



SASL man pages                       SASL        sasl_client_new(21 June 2001)