[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: saslAuthz{To|From}



>There's a bug in here somewhere. If the Cyrus library grabbed the name and
>parsed a realm from it, then it should not have appeared redundantly when it
>got to us. Either it was provided in an explicit realm parameter, or it was

I'm using a fairly old version of Cyrus, and I should upgrade. But I don't
think it's related to this issue: pre upgrading to OpenLDAP 2.2.3 things were
working just fine.

If my memory serves me correctly I was seeing the realm in the user name only
for authorization identities that looked like

	u:foo/bar@REALM

whereas

	u:foo@REALM

was parsed as before, ie. the realm did _not_ appear in the user name. Perhaps
there is some escaping issue? The forward slash character is used in Kerberos
to represent multiple instances of a principal name.

-- Luke