sasl_client_start - Begin an authentication negotiation at Linux.org

Back to main site | Back to man page index
sasl_client_start(3)                                SASL man pages                               sasl_client_start(3)



NAME
       sasl_client_start - Begin an authentication negotiation

SYNOPSIS
       #include <sasl/sasl.h>

       int sasl_client_start(sasl_conn_t * conn,
                       const char * mechlist,
                       sasl_interact_t ** prompt_need,
                       const char ** clientout,
                       unsigned * clientoutlen,
                       const char ** mech);


DESCRIPTION
       sasl_client_start() selects a mechanism for authentication and starts the authentication session. The mechlist
       is the list of mechanisms the client might like to use. The mechanisms in the list are  not  necessarily  sup‐
       ported  by the client or even valid. SASL determines which of these to use based upon the security preferences
       specified earlier. The list of mechanisms is typically a list of mechanisms the server supports acquired  from
       a capability request.

       If  SASL_INTERACT  is  returned  the  library  needs  some  values  to be filled in before it can proceed. The
       prompt_need structure will be filled in with requests. The application should fulfill these requests and  call
       sasl_client_start  again  with  identical  parameters  (the  prompt_need parameter will be the same pointer as
       before but filled in by the application).


       mechlist is a list of mechanisms the server has available. Punctuation is ignored.

       prompt_need is filled in with a list of prompts needed to continue (if necessary).

       clientout and clientoutlen is created. It is the initial client response to send to the server. It is the  job
       of  the  client  to  send  it  over the network to the server.  Any protocol specific encoding (such as base64
       encoding) necessary needs to be done by the client.

       If the protocol lacks client-send-first capability, then set clientout to NULL.

       If there is no initial client-send, then *clientout will be set to NULL on return.

       mech contains the name of the chosen SASL mechanism (on success)


RETURN VALUE
       sasl_client_start returns an integer which corresponds to one of the following codes. SASL_CONTINUE  indicates
       success and that there are more steps needed in the authentication. All other return codes indicate errors and
       should either be handled or the authentication session should be quit.


CONFORMING TO
       RFC 4422

SEE ALSO
       sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_step(3)