4 Properties

Properties with associated data:

• GSASL_AUTHID

  The authentication identity.

• GSASL_AUTHZID

  The authorization identity.

• GSASL_PASSWORD

  The password of the authentication identity.

• GSASL_ANONYMOUS_TOKEN

  The anonymous token. This is typically the email address of the user.

• GSASL_SERVICE

  The registered GSSAPI service name of the application service, e.g. “imap”. While the names are registered for GSSAPI, other mechanisms such as DIGEST-MD5 may also use this.

• GSASL_HOSTNAME

  Should be the local host name of the machine.

• GSASL_GSSAPI_DISPLAY_NAME

  Contain the GSSAPI “display name”, set by the server GSSAPI mechanism. Typically you retrieve this property in your callback, when invoked for GSASL_VALIDATE_GSSAPI.

• GSASL_REALM

  The name of the authentication domain. This is used by several mechanisms, including DIGEST-MD5, GSS-API, KERBEROS_V5 and NTLM.

• GSASL_PASSCODE

  The SecurID passcode.

• GSASL_PIN

  The SecurID personal identification number (PIN).

• GSASL_SUGGESTED_PIN

  A SecurID personal identification number (PIN) suggested by the server.

Abstract properties, used to trigger the callback, typically used in servers to validate client credentials:

• GSASL_VALIDATE_SIMPLE

  You may retrieve GSASL_AUTHID, GSASL_AUTHZID and GSASL_PASSWORD and use them to make an authentication and authorization decision.

• GSASL_VALIDATE_EXTERNAL

  Used by EXTERNAL mechanism on the server side to validate the client. The GSASL_AUTHID will contain the authorization identity of the client.

• GSASL_VALIDATE_ANONYMOUS

  Used by ANONYMOUS mechanism on the server side to validate the client. The GSASL_ANONYMOUS_TOKEN will contain token that identity the client.

• GSASL_VALIDATE_GSSAPI

  Used by the GSSAPI mechanism on the server side, to validate the client. You may retrieve the authorization identity from GSASL_AUTHZID and the GSS-API display name from GSASL_GSSAPI_DISPLAY_NAME.

• GSASL_VALIDATE_SECURID

  Used by SECURID mechanism on the server side to validate client. The GSASL_AUTHID, GSASL_AUTHZID, GSASL_PASSCODE, and GSASL_PIN will be set. It can return GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE to ask the client to supply another passcode, and GSASL_SECURID_SERVER_NEED_NEW_PIN to require the client to supply a new PIN code.