sasl_client_new(21 June 2001) sasl_client_new(21 June 2001)
sasl_client_new - Create a new client authentication object
int sasl_client_new(const char *service,
const char *serverFQDN,
const char *iplocalport,
const char *ipremoteport,
const sasl_callback_t *prompt_supp,
sasl_conn_t ** pconn);
sasl_client_new() creates a new SASL context. This context will be used for all SASL calls
for one connection. It handles both authentication and integrity/encyption layers after
service is the registered name of the service (usually the protocol name) using SASL (e.g.
serverFQDN is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu").
iplocalport is the IP and port of the local side of the connection, or NULL. If iplocal-
port is NULL it will disable mechanisms that require IP address information. This strings
must be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port"
(IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)
ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplo-
prompt_supp is a list of client interactions supported that is unique to this connection.
If this parameter is NULL the global callbacks (specified in sasl_client_init) will be
used. See sasl_callback for more information.
secflags are security flags (see below)
pconn is the conection context allocated by the library. This structure will be used for
all future SASL calls for this connection.
Security flags that may be passed to sasl_server_new() include
Don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN)
Protection from active (non-dictionary) attacks during authentication exchange.
Don't permit mechanisms susceptible to passive dictionary attack
Require forward secrecy between sessions. (breaking one won't help break next)
Don't permit mechanisms that allow anonymous login
Require mechanisms which pass client credentials, and allow mechanisms which can
pass credentials to do so.
All of the above.
sasl_client_new returns an integer which corresponds to one of the following codes.
SASL_OK is the only one that indicates success. All others indicate errors and should
either be handled or the authentication session should be quit.
Error in config file or passed parameters
No mechanism meets requested properties
Not enough memory to complete operation
sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3)
SASL man pages SASL sasl_client_new(21 June 2001)