Date: Wed, 08 May 2002 09:31:20 +0200
From: Norbert Klasen <norbert.klasen [...] daasi.de>
To: Graham Barr <gbarr [...] pobox.com>
Cc: "Kurt D. Zeilenga" <Kurt [...] OpenLDAP.org>, perl-ldap Mailing List <perl-ldap-dev [...] lists.sourceforge.net>
Subject: Re: Authorization with Authen::SASL::Perl::External
--On Tuesday, 7 May 2002 10:42 -0700 "Kurt D. Zeilenga"
<Kurt@OpenLDAP.org> wrote:
Seems I mixed up the terminology. Just to be sure:
authname = authENTICATION identity
user = authORIZATION identity
Correct?
Nevertheless, the EXTERNAL mechanism has only one round trip so that the
authorize-id needs to be sent in client_start. client_step will never get
called and can be removed. Also, the noanonymous flag can be set. See
attached patch.
--
Dipl.-Inform. Norbert Klasen
DAASI International GmbH phone: +49 7071 29 70336
Wilhelmstr. 106 fax: +49 7071 29 5114
72074 Tübingen email: norbert.klasen@daasi.de
Germany web: http://www.daasi.de
>> Hi,
>> RFC2222 says that in the EXTERNAL mechanism "The client sends an initial
>> response with the authorization identity."
>
> It also says:
> If the client sends the empty string as the authorization identity...
>
> Unless the client is attempting proxy authorization, the client
> should send an empty string. This has been discussed in great
> detail on the ietf-sasl@imc.org mailing list.
Message body is not shown because sender requested not to inline it.
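
The single round trip discussed in this thread, modelled in Python as an added example (not code from Authen::SASL, perl-ldap or the attached patch). The class names, the `PROXY_POLICY` table and the sample DNs are assumptions constructed for the illustration; the server takes the authentication identity from outside SASL (for instance a TLS client certificate) and only the authorization identity travels in the initial response.

```python
# Added illustration of the SASL EXTERNAL exchange (RFC 2222).
# All names here are hypothetical; this is not the Perl module's code.

class ExternalClient:
    """Client side: the mechanism consists of the initial response only."""

    def __init__(self, authzid=""):
        # Empty string = "derive my authorization identity from my credentials".
        self.authzid = authzid

    def client_start(self):
        # The initial response carries the authorization identity, nothing else.
        return self.authzid.encode("utf-8")

    def client_step(self, challenge):
        # EXTERNAL has one round trip, so a challenge is a protocol error.
        raise RuntimeError("EXTERNAL: unexpected challenge after initial response")


class ExternalServer:
    """Server side: the authentication identity comes from outside SASL."""

    def __init__(self, proxy_policy):
        # Maps an authentication identity to the identities it may act as.
        self.proxy_policy = proxy_policy

    def evaluate(self, channel_identity, initial_response):
        """Return the effective authorization identity, or None on failure."""
        if channel_identity is None:
            return None  # no external credentials were established: fail
        requested = initial_response.decode("utf-8")
        if requested in ("", channel_identity):
            return channel_identity  # no proxying requested
        if requested in self.proxy_policy.get(channel_identity, set()):
            return requested  # proxy authorization permitted by policy
        return None  # authenticated, but not allowed to act as `requested`


# Constructed sample data.
ALICE = "cn=alice,dc=example,dc=com"
PROXY = "cn=webapp,dc=example,dc=com"
PROXY_POLICY = {PROXY: {ALICE}}


def run_exchange(channel_identity, authzid=""):
    """One complete EXTERNAL exchange; returns what the server authorizes."""
    server = ExternalServer(PROXY_POLICY)
    return server.evaluate(channel_identity, ExternalClient(authzid).client_start())
```
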