Re: authmeth-07 issues
I wrote:

> State the effect of a failed SASL bind or a non-SASL bind on an
> existing SASL security layer.

Never mind, there is no need. In the SASL list, Alexey Melnikov (the
[SASL] author) said that the layer can only be cancelled/replaced after
a subsequent authentication completes successfully. So the LDAP bind is
done while the old layer is in effect.

However, that means that after a _failed_ LDAP bind, the connection will
be left anonymous (because [Authmeth] and [Protocol] say so), but with
the old SASL layer still in effect. That's ugly, but I don't see that
anything can be done about it.

--
Hallvard