[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL access question using JNDI solved

To: Will Holcomb <will@himinbi.org>
Subject: Re: SASL access question using JNDI solved
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 08 Feb 2002 10:45:54 -0800
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <Pine.LNX.4.33.0202081244230.4679-100000@odin.himinbi.org>

At 10:48 AM 2002-02-08, Will Holcomb wrote:
>I sent mail eariler trying to figure out the JNDI access to sasl. I 
>eventually just started putting random things in and found that instead 
>of:
>
>environment.put(Context.SECURITY_PRINCIPAL, "uid=honors + realm=odin");
>
>just
>
>environment.put(Context.SECURITY_PRINCIPAL, "honors");
>
>seems to work.

Yes, but that's not the right way....  Unless you are doing
proxy authorization, you should configure the client such that
no (or empty) authorization identity is sent.  This tells the
server to derive the authorization identity from the
authentication identity.

Kurt

References:
- SASL access question using JNDI solved
  - From: Will Holcomb <will@himinbi.org>

Prev by Date: SASL access question using JNDI solved
Next by Date: Re: Department names?
Index(es):
- Chronological
- Thread