Use of user name with DIGEST-MD5 in LDAP
<draft-ietf-ldapext-authmeth-04.txt> specifies how the SASL/DIGEST-MD5 authentication
method can be used with LDAP.
In the first stage of authentication, when the client is performing
what is called an "initial authentication" as defined in <draft-leach-digest-sasl-03.txt>,
the client sends a bind request w/o credentials. The server responds with
a bind response with digest-challenge containing a realm string. Conceptually,
this string can be used by the user so they know which username/password
to use.
What is the content of the 'name' field in the initial bind request?
Is it left empty (until the realm is known so that the user can choose
what dn is best to use)?
Is it set to the user authentication identity (the identity specified
later in the 'username' field of the digest-response sent by the client
to the server)?
-Sylvain
-----------------------------------------------
Sylvain Duloutre
Sun Microsystems Inc.
Sun-Netscape Alliance - iPlanet Directory Group