class Net::SASL::Authenticator
A base class to use for SASL
authenticators.
Public Class Methods
Creates a new authenticator.
Each specific mechanism determines how the arguments are interpreted—see each mechanisms' documentation for details. Whenever it's reasonable, mechanisms should support the standard positional and keyword arguments and ignore any irrelevant or unknown arguments.
Standard arguments¶ ↑
-
authcid
: the authentication identity, the identity associated with the authentication credentials. This is usually ausername
. -
credentials
: the authentication credentials, e.g. apassword
or a secret bearer token. Some mechanisms may not require an explicitauthcid
if it is encoded inside the authentication credentials. -
authzid
: the authorization identity, an identity to act as or on behalf of. If this is is not given (or is left blank), the server will derive an authorization identity from the authentication credentials, usually the same as the authentication identity.
The server is responsible for verifying the client's credentials and verifying that the identity it associates with the client's credentials (e.g., the authentication identity) is allowed to act as the authorization identity. The precise form(s) of identities and credentials may be dictated by the mechanism and by the server.
Standard options¶ ↑
-
host
: the server hostname which is being connected to -
port
: the server port being connected to -
realm
: some mechanisms use “realms” or “domains” to segment authentication identities. This is protocol dependant and it might be the same ashost
.
# File lib/net/sasl/authenticator.rb, line 43 def initialize(authcid = nil, credentials = nil, authzid = nil, **_options) @username = authcid @password = credentials @authzid = authzid end
Public Instance Methods
Process a challenge
string from the server and return the response. This method should be sent an unencoded challenge and return an unencoded response. The client is responsible for receiving and decoding the challenge, according the the specification of the specific protocol, e.g. IMAP4 base64 encodes challenges and responses.
A nil challenge
will be sent to get the initial responses, when that is supported by the mechanism (supports_initial_response?
returns true) and by the protocol.
Calling process
when done?
returns true has undefined behavior: it may raise an excepion, return the previous response again, or raise an exception.
# File lib/net/sasl/authenticator.rb, line 67 def process(challenge) raise NotImplementedError, "implemented by SASL mechanism subclasses" end
Does this mechanism support sending an initial response via SASL-IR?
# File lib/net/sasl/authenticator.rb, line 50 def supports_initial_response? false end