
Re: SASL DigestMD5 ??



At 06:43 PM 2002-10-09, Quan Dinh wrote:
>In SASL/Digest MD5 authentication protocol. 
>
>The steps are as follows: 
>
>1. The client is sending an "initial authentication", a bind request, in which 
>the ldap version is 3, the sasl mechanism is "DIGEST-MD5" and the credential is 
>absent. 
>
>2. The server will respond with a bind response with server credential including 
>realm|nonce|....|cipher-opts|auth-param. 
>
>Q>> based on what information from the client, the server will decide which realm to 
>send to the client so that the client will use it for its response?? 

Which realms are sent by the server in its initial DIGEST-MD5
message is not based on information from the client.  The client
hasn't provided any information (other than a TCP/IP address/port pair).

Generally, the server sends all realms it has been configured to support
and allows the client to choose from them...  OR sends no realm.

I note that while revising RFC 2831 is a LDAPBIS work item, the work is
currently being pursued individually.  See draft-melnikov-rfc2831bis.
Once Alexey is ready to progress this I-D, an appropriate WG review will
be performed.  Until then, I suggest comments regarding this draft
should be sent to Alexey and/or the ietf-sasl@imc.org list.

Kurt
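
The realm handling described in this reply, as an added Python example that is not part of the original message: it parses a DIGEST-MD5 digest-challenge that may carry several realm directives or none, and picks the realm for the client's response. The sample challenges, realm names, nonce value and the `parse_challenge`/`choose_realm` helpers are constructed for illustration.

```python
import re

# One directive: key=token or key="quoted string" (backslash escapes allowed).
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s"]+))\s*(?:,|$)')

# Constructed sample challenges (not captured traffic).
MULTI_REALM = ('realm="example.com",realm="corp.example.com",'
               'nonce="c2FtcGxlLW5vbmNl",qop="auth,auth-int",'
               'charset=utf-8,algorithm=md5-sess')
NO_REALM = 'nonce="c2FtcGxlLW5vbmNl",qop="auth",algorithm=md5-sess'

def parse_challenge(challenge):
    """Return {directive: [values]}; repeated directives (realm) are all kept."""
    fields, pos = {}, 0
    while pos < len(challenge):
        m = _DIRECTIVE.match(challenge, pos)
        if m is None:
            raise ValueError(f"malformed digest-challenge at offset {pos}")
        quoted, token = m.group(2), m.group(3)
        value = token if quoted is None else re.sub(r'\\(.)', r'\1', quoted)
        fields.setdefault(m.group(1).lower(), []).append(value)
        pos = m.end()
    return fields

def choose_realm(challenge, wanted=None, fallback=None):
    """Pick the realm for the client's response (hypothetical helper)."""
    offered = parse_challenge(challenge).get("realm", [])
    if not offered:
        # Server sent no realm: the client supplies its own (or none).
        return wanted or fallback
    if wanted is None:
        if len(offered) == 1:
            return offered[0]
        raise LookupError(f"server offers {offered}; a realm must be chosen")
    if wanted not in offered:
        # Refuse to answer with a realm the server never advertised.
        raise LookupError(f"realm {wanted!r} not offered by server: {offered}")
    return wanted

if __name__ == "__main__":
    print(parse_challenge(MULTI_REALM)["realm"])
    print(choose_realm(MULTI_REALM, wanted="corp.example.com"))
    print(choose_realm(NO_REALM, fallback="example.com"))
```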