[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: saslAuthz{To|From}
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:
>For the mech, I'd rather add another operator, to do
>
>"u:jane@realm/mech"
>
>I would rather leave the <style> modifier to further
>additions ...
Well, the problem is that userid and realm strings have few
character restrictions. Even u.mech.realm:userid is bad
because the realm name can contain colons.
For now, I suggest we just don't generate cn=realm RDNs
for these authzids. And, for mechanisms, I'm fine with
only generating cn=authzid RDN for authzid appearing
in the policy information.
We can leave u.mech and u.mech.realm (or alternatives) to
a later date. I don't think they are generally needed.
Kurt