[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: saslAuthz{To|From}
>There's a bug in here somewhere. If the Cyrus library grabbed the name and
>parsed a realm from it, then it should not have appeared redundantly when it
>got to us. Either it was provided in an explicit realm parameter, or it was
I'm using a fairly old version of Cyrus, and I should upgrade. But I don't
think it's related to this issue: pre upgrading to OpenLDAP 2.2.3 things were
working just fine.
If my memory serves me correctly I was seeing the realm in the user name only
for authorization identities that looked like
u:foo/bar@REALM
whereas
u:foo@REALM
was parsed as before, ie. the realm did _not_ appear in the user name. Perhaps
there is some escaping issue? The forward slash character is used in Kerberos
to represent multiple instances of a principal name.
-- Luke