[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
AUTHMETH: SASL/TLS EXTERNAL bind vs. RFC2251
RFC2251 4.2.1, in part, says:
Clients MAY send multiple bind requests on a connection to change
their credentials. A subsequent bind process has the effect of
abandoning all operations outstanding on the connection. (This
simplifies server implementation.) Authentication from earlier binds
are subsequently ignored, and so if the bind fails, the connection
will be treated as anonymous.
However, the AuthMeth draft 10, in part, says:
... the SASL EXTERNAL bind MUST fail with a result code of
inappropriateAuthentication. Any authenication identity and
authorization identity, as well as the TLS connection, which were
in effect prior to making the Bind Request, MUST remain in force.
Shouldn't a SASL EXTERNAL bind failure result in the connection
being treated as anonymous?
Kurt