to do a comparative analysis of the functions it makes sense to know one side very well. i found it easier to understand factotum and compare the others to factotum. to me SASL is more like the functions of factotum's rpc and proto files. Window's Local Security Authority (LSA) combined with Security Support Provider Interface (SSPI) and the corresponding protocol DDL's, is more comparable to factotum's credentials caching, rpc/proto/needkey, etc fs interface and how it negotiates change of identity of a verified process using cap(3). on Linux, for a server, SASL+setuid program+PAM is sort-of like factotum and SASL+app is sort of like factotum for a client.

On Sun, Nov 16, 2014 at 9:03 PM, Enrico Weigelt, metux IT consult <enrico.weigelt@gr13.net> wrote:

Hi folks,

I've got the impression that there're some similarities between SASL
(saslauthd) and Factotum - at least at the point that both are
offloading actual authentication handshakes to a separate service.
But I have to admit that I didn't have done a deeper analysis of
these two.

Could anybody with deeper insight perhaps give some detailed
comparison between them ?

greetings,
--
Enrico Weigelt,
metux IT consulting
+49-151-27565287