[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[Protocol][Authmeth][Syntaxes] application of SASLprep
The behavior of SASLprep is dependent on whether the input is
considered a "query" string or a "stored" string [Section 7,
Stringprep]. Hence, when we say (in [Protocol] things like
> clients SHOULD prepare text
> passwords by applying the [SASLprep] profile of the [Stringprep]
> algorithm.
we need to qualify the statement with either
as "query" strings [Section 7, Stringprep]
or
as "stored" strings [Section 7, Stringprep]
In above [Protocol] case, the client is effectively querying the
server as to the validity of the password. Hence, it should be
prepared as a "query" string. Likewise in [AuthMeth] when the
client is providing an uAuthzid.
In [UserSchema] userPassword case, when the client is preparing
a value for storage, it should do so as a "stored" string.
When preparing a value for a compare operation, it should do so
as a "query" string.
Kurt