
AUTHMETH: SASL/TLS EXTERNAL bind vs. RFC2251



RFC2251 4.2.1, in part, says:
   Clients MAY send multiple bind requests on a connection to change
   their credentials.  A subsequent bind process has the effect of
   abandoning all operations outstanding on the connection.  (This
   simplifies server implementation.)  Authentication from earlier binds
   are subsequently ignored, and so if the bind fails, the connection
   will be treated as anonymous.

However, the AuthMeth draft 10, in part, says:

   ... the SASL EXTERNAL bind MUST fail with a result code of
   inappropriateAuthentication.  Any authentication identity and
   authorization identity, as well as the TLS connection, which were
   in effect prior to making the Bind Request, MUST remain in force.

Shouldn't a SASL EXTERNAL bind failure result in the connection
being treated as anonymous?

Kurt
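
Added example, not part of the original message and not code from any LDAP server: a toy model of per-connection bind state that runs the same sequence (successful simple bind, then a failed SASL EXTERNAL bind) under each of the two quoted texts. The draft's failure condition is elided in the quote above, so the model assumes the bind fails when no TLS client identity is available; the class, field and function names and the sample directory entry are hypothetical.

```python
# Added illustration; a toy model, not code from any LDAP server.
from dataclasses import dataclass
from typing import Optional

SUCCESS = "success"
INAPPROPRIATE_AUTH = "inappropriateAuthentication"
INVALID_CREDENTIALS = "invalidCredentials"

# Constructed sample directory: DN -> password.
USERS = {"cn=admin,dc=example,dc=com": "s3cret"}


@dataclass
class Connection:
    """Per-connection bind state kept by the modelled server."""
    keep_state_on_external_failure: bool  # True = draft-10 text, False = RFC 2251 text
    tls_client_identity: Optional[str] = None  # identity from a TLS client cert, if any
    authz_id: Optional[str] = None  # None means anonymous

    def simple_bind(self, dn: str, password: str) -> str:
        # RFC 2251 4.2.1: earlier binds are ignored once a new bind starts.
        self.authz_id = None
        if USERS.get(dn) == password:
            self.authz_id = dn
            return SUCCESS
        return INVALID_CREDENTIALS

    def sasl_external_bind(self) -> str:
        previous = self.authz_id
        self.authz_id = None
        if self.tls_client_identity is not None:
            self.authz_id = self.tls_client_identity
            return SUCCESS
        # Assumed failure condition: no lower-layer identity is available.
        if self.keep_state_on_external_failure:
            self.authz_id = previous  # draft 10: prior identity remains in force
        return INAPPROPRIATE_AUTH


def identity_after_failed_external(keep_state: bool) -> Optional[str]:
    """Bind as admin, then fail a SASL EXTERNAL bind; return the resulting identity."""
    conn = Connection(keep_state_on_external_failure=keep_state)
    assert conn.simple_bind("cn=admin,dc=example,dc=com", "s3cret") == SUCCESS
    assert conn.sasl_external_bind() == INAPPROPRIATE_AUTH
    return conn.authz_id
```

Under the draft-10 wording the connection keeps the admin identity after the failed bind; under the RFC 2251 wording it ends up anonymous.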