At 07:55 AM 12/13/2003, Pierangelo Masarati wrote:
Kurt D. Zeilenga wrote:
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:
dealing with realms is already supported: "u:jane@realm"
(unless we accept "@" as a valid char in a userid, but
this would lead to endless discussion, and it's already
done somewhere else in the code :)
@ is a perfectly valid character in a userid. @ is a perfectly valid character in a realm. Hence, writing userid@realm is a really bad idea.
I knew I was entering a minefield. However, this is how user and realm are currently indicated in most software, including slapd, e.g. at least in slap_sasl_getdn().
So what? Let me first implement my idea, then we can discuss this. It's likely to be seamless to move realm and mech before the colon in the "u:<user>" syntax.
I don't mind allowing user@realm too much. But user@realm/mech is a bit problematic.
How about a compromise: u.mech:user@realm ?
Sure. This leaves the problem that user@domain is a valid userid (see posting from Randall) and is potentially in use.
To improve entropy, the treatment of "u.mech:user@realm" requires casting it into "u:user@realm" and moving "mech" to the "c_sasl_bind_mech" member of the Connection! I'll fix this later. For now, I have done the u:user@realm/mech stuff and tested it.
Ando.
--
Dr. Pierangelo Masarati    mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.    http://www.sys-net.it
+----------------------------------------------------------------------------+
| SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497 |
+----------------------------------------------------------------------------+
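
The parsing question debated in this thread, as an added example that is not part of the original message and is not slapd code: a sketch parser for the "u:user@realm" and "u.mech:user@realm" forms. The `struct authzid` type, the `parse_authzid` name and the split-on-last-'@' rule are assumptions of the sketch; it shows that a mechanism placed before the colon is delimited unambiguously, while a userid that itself contains '@' is still split into user and realm.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical result type for this sketch; not a slapd structure. */
struct authzid { char mech[32]; char user[128]; char realm[128]; };

/* Parse "u:user[@realm]" or "u.mech:user[@realm]", the forms discussed in
 * the thread. Returns 0 on success, -1 on malformed or oversized input.
 * Assumption of this sketch: the realm is whatever follows the LAST '@'. */
int parse_authzid(const char *in, struct authzid *out)
{
    const char *colon, *user, *at;
    size_t mlen, ulen, rlen;
    memset(out, 0, sizeof(*out));
    if (in == NULL || in[0] != 'u' || (colon = strchr(in, ':')) == NULL)
        return -1;
    if (in[1] == '.') {
        /* The mechanism sits before the first ':', so nothing in the user
         * part (which may contain ':', '/' or '@') can be taken for it. */
        mlen = (size_t)(colon - (in + 2));
        if (mlen == 0 || mlen >= sizeof(out->mech))
            return -1;
        memcpy(out->mech, in + 2, mlen);
    } else if (colon != in + 1) {
        return -1;                      /* junk between 'u' and ':' */
    }
    user = colon + 1;
    at = strrchr(user, '@');
    ulen = at ? (size_t)(at - user) : strlen(user);
    rlen = at ? strlen(at + 1) : 0;
    if (ulen == 0 || (at && rlen == 0) ||
        ulen >= sizeof(out->user) || rlen >= sizeof(out->realm))
        return -1;                      /* empty user, empty realm, too long */
    memcpy(out->user, user, ulen);
    memcpy(out->realm, at ? at + 1 : "", rlen);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *in[] = { "u:jane@realm", "u.DIGEST-MD5:jane@example.com",
                         "u:jane@example.com@REALM", "u.:jane", "u:jane@" };
    struct authzid a;
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        int rc = parse_authzid(in[i], &a);
        printf("%-30s rc=%d mech=[%s] user=[%s] realm=[%s]\n",
               in[i], rc, a.mech, a.user, a.realm);
    }
    return 0;
}
```

The second sample input is the case raised in the thread: if "jane@example.com" is the whole userid, the parser still reports user "jane" in realm "example.com", and only an explicit realm (third input) keeps the userid intact.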