[Date Prev][Date Next]
Re: Inconsistency with failed binds
>>> Hallvard B Furuseth <email@example.com> 12/01 2:02 PM >>>
>[Protocol] 4.2.1, last paragraph, says:
> if the bind fails, the connection will be treated as anonymous.
>However, the state machine in [Authmeth] 6.4 shows several instances of
>failed binds (action A2) resulting in authenticated state (state S4-S8).
I've changed the text to read:
"Authentication from earlier binds are subsequently ignored. A failed or abandoned Bind Operation has the effect of leaving the connection in an anonymous state. To arrive at a known authentication state after abandoning a bind operation, clients may either unbind, rebind, or make use of the BindResponse."
Hopefully this covers it.
>BTW, there is no action defined in [Authmeth] 6.2 for a bind with
>incorrect credentials, only without credentials when the server requires
>Maybe action A1 (anonymous bind) should be extended to cover that,
>and maybe A2 should be merged into it as well?
I'll let Roger address those