I’ve been trying to find documentation about how Wildfire uses SASL for authentication, but haven’t had much success. I understand that for SASL to work correctly the client must support it; however, one question I’m getting stuck on is whether a Wildfire installation that uses LDAP for authentication can also use SASL.
It would be great if somebody could point me in the right direction with SASL, and SASL with LDAP. Also, what clients do support SASL? I’ve read that Spark does, but how can one tell if SASL is being used with authentication or not?
SASL is just a generic authentication method. It supports many mechanisms, one of which is digest. But also others, such as PLAIN, GSSAPI (and many more that Wildfire doesn’t know how to support). The trouble is, for the digest style authentications to work, Wildfire itself needs to know the user’s password. When using LDAP, Wildfire does not know, so it can’t use it.
It would be an interesting exercise to see someone implement a SASL “passthrough” which uses the SASL mechanisms of the LDAP server (if it supports it). But this idea is wildly off topic to your question.
In answer to your question, yes SASL authentication will work. Wildfire will try to do the right thing. If you have an older client that doesn’t support SASL authentication, Wildfire will still work. Most clients should describe what they can handle. But off the top of my head, I know that: