Re: SASL DigestMD5 ??
At 06:43 PM 2002-10-09, Quan Dinh wrote:
>In SASL/Digest MD5 authentication protocol.
>
>The steps are as follows:
>
>1. The client is sending an "initial authentication", a bind request, in which
>the ldap version is 3, the sasl mechanism is "DIGEST-MD5" and the credential is
>absent.
>
>2. The server will respond with a bind response with server credential including
>realm|nonce|....|cipher-opts|auth-param.
>
>Q>> based on what information from the client, the server will decide which realm to
>send to the client so that the client will use it for its response??

Which realms are sent by the server in its initial DIGEST-MD5
message is not based on information from the client. The client
hasn't provided any information (other than a TCP/IP address/port pair).
Generally, the server sends all realms it has been configured to support
and allows the client to choose from them... OR sends no realm.

I note that while revising RFC 2831 is a LDAPBIS work item, the work is
currently being pursued individually. See draft-melnikov-rfc2831bis.
Once Alexey is ready to progress this I-D, an appropriate WG review will
be performed. Until then, I suggest comments regarding this draft
should be sent to Alexey and/or the ietf-sasl@imc.org list.
Kurt
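
The realm handling described in the reply above, as an added example that is not part of the original message or of any LDAP/SASL implementation: a client parses the server's digest-challenge, collects every `realm` directive, and picks one, or falls back to its own default when none is sent. The sample challenge, realm names, nonce and the `choose_realm` policy are constructed assumptions; the directive syntax and the "exactly once" rule for `nonce` and `algorithm` follow RFC 2831.

```python
import re

# key=token or key="quoted string", optionally followed by a comma (RFC 2831 syntax).
DIRECTIVE = re.compile(
    r'\s*([A-Za-z-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s"]+))\s*(?:,|$)')

# Constructed sample: a server configured with two realms offers both.
SAMPLE = ('realm="example.com",realm="corp.example.com",'
          'nonce="c0nstructedN0nce",qop="auth,auth-int",'
          'charset=utf-8,algorithm=md5-sess')

def parse_challenge(challenge):
    """Return {directive: [values]}; realm may legitimately repeat."""
    out, pos = {}, 0
    while pos < len(challenge):
        m = DIRECTIVE.match(challenge, pos)
        if not m:
            raise ValueError(f"malformed challenge at offset {pos}")
        key = m.group(1).lower()
        if m.group(2) is None:
            value = m.group(3)                            # bare token
        else:
            value = re.sub(r'\\(.)', r'\1', m.group(2))   # undo quoted-pair escapes
        out.setdefault(key, []).append(value)
        pos = m.end()
    # RFC 2831: nonce and algorithm must appear exactly once, else abort.
    for required in ("nonce", "algorithm"):
        if len(out.get(required, [])) != 1:
            raise ValueError(f"{required} must appear exactly once")
    return out

def choose_realm(offered, preferred=None, fallback=""):
    """Client-side choice (example policy): never answer with an unoffered realm."""
    if not offered:
        return fallback              # server sent no realm: client supplies a default
    if preferred is None and len(offered) == 1:
        return offered[0]            # nothing to choose between
    if preferred in offered:
        return preferred
    raise LookupError(f"realm must be one of {offered}; ask the user")

if __name__ == "__main__":
    realms = parse_challenge(SAMPLE).get("realm", [])
    print("offered:", realms)
    print("chosen :", choose_realm(realms, preferred="corp.example.com"))
```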