Re: How to use SASL?

Giganews Newsgroups
Subject: Re: How to use SASL?
Posted by:  Remy Lebeau (TeamB) (
Date: Fri, 17 Dec 2004

"Thomas Zangl" <usen…> wrote in message

> I have a little problem understanding how SASL works with Indy.

I assume that you are referring to Indy 10?  Which specific component(s) are
you using?

> Is it sufficient to set "authentication method" to "atSASL" and
> Indy will do the rest?

That is only the first step.

> Do I have to mess round with the different sasl providers?

Yes.  Let's take TIdPOP3, for example.  It has a SASLMechanisms property,
which is a collection of TIdSASLListEntry items.  TIdSASLListEntry has a
SASL property of type TIdSASL.  Indy 10 implements several TIdSASL
descendants (TIdSASLCRAMMD5, TIdSASLLogin, etc).  Most of those classes
derive from TIdSASLUserPass, which has a UserPassProvider property of type
TIdUserPassProvider.  TIdUserPassProvider has Username and Password

You would create an instance of TIdUserPassProvider and fill in your
username/password as needed.  Then you would create instances of the desired
SASL classes that you want to use and attach the UserPassProvider to them.
Then you would add entries to the SASLMechanisms collection, one for each
SASL type, and attach the various SASL classes to them.

Here's the caveat - the SASLMechanisms collection only attempts those SASL
types that the server actually supports.  When connecting to a server, its
capabilities are retreived and stored.  During authentication, the
SASLMechanisms collection is looped through.  If the server supports a
particular type, it is attempted.  If it succeeds, the looping stops and you
are considered logged in.  Otherwise, the looping continues until a SASL
type finally succeeds, or until there are no more types left to attempt.

> How does Indy know which kind of SASL digestto use?

It generates a list of SASL types that both the server and the
SASLMechanisms commonly support, and then tries all of those until one
finally succeeds.

> Does the server tell Indy to use a specific SASL digest?

No.  It does, however, send a list of all of the SASL types that it

> Can I set preferences? (like "Always use the strongest encryption
> when possible")

You add the items to the SASLMechanisms collection in the order at you want
them to be used when authenticating with the server.



In response to

How to use SASL? posted by Thomas Zangl on Fri, 17 Dec 2004