[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Should response-auth be optional for digest authentication in authmeth?

To: "Roger Harrison" <RHARRISON@novell.com>
Subject: Re: Should response-auth be optional for digest authentication in authmeth?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 09 May 2003 17:09:31 -0700
Cc: <mark.ennis@adacel.com>, <ietf-ldapbis@OpenLDAP.org>
In-reply-to: <seb2e96b.002@prv-mail20.provo.novell.com>

At 08:52 PM 5/2/2003, Roger Harrison wrote:
>I believe we should modify the text of authmeth-05 section 8.2 paragraph 6 to always have the credentials field contain the value of response-auth *if* this can be done without causing a problem for item 5 above (ability to signal server support for subsequent authenticaion) AND also not cause interoperability problems for clients that may not be expecting the value.

I believe this modification is quite appropriate.
RFC 2831 is correct here, we need to align to it
(actually to draft-ietf-sasl-rfc2831bis).

If anyone things RFC 2831 is incorrect here then they
should take the issue up with the SASL WG.

Kurt

References:
- Re: Should response-auth be optional for digest authentication in authmeth?
  - From: "Roger Harrison" <RHARRISON@novell.com>

Prev by Date: RE: I-D ACTION:draft-klasen-ldap-facs-tel-number-matching-00.txt
Next by Date: Re: result code for a deleted identity on a connection
Index(es):
- Chronological
- Thread