[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 19 Jun 2004 08:30:35 -0700
Cc: OpenLDAP Commit <openldap-devel@OpenLDAP.org>
In-reply-to: <40D43C50.1000700@sys-net.it>
References: <200406190805.i5J8576F003857@cantor.openldap.org> <40D43C50.1000700@sys-net.it>

At 06:14 AM 6/19/2004, Pierangelo Masarati wrote:
>ando@OpenLDAP.org wrote:
>
>>Added Files:
>>        test028-idassert  NONE -> 1.1
>> 
>I just found out that native SASL authz doesn't work with CRAM-MD5,
>i.e. the bound identity remains that of the incoming authcDN;
>with DIGEST-MD5 the bound identity is turned into that of the authzDN
>specified via SASL.  I'm not sso familiar with SASL details, but I thought
>the authz did not depend on the specific mech.

Not all SASL mechanisms support proxy authorization...

Kurt

Follow-Ups:
- Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: limits on internal searches
Next by Date: Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
Index(es):
- Chronological
- Thread