[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5555) authzTo ACL check for wrong principal
andrew.findlay@skills-1st.co.uk wrote:
> It might be better still to factor out the concept of proxy
> authorisation and its control from the SASL authz mechanism, as it
> applies also to the LDAP Proxied Authorization Control.
> I have not done this as I was unsure where best to put it.
Not sure what you mean there, but I believe the fact that the
implementation is in saslauth.c is for mere historical reasons. Right
now, authorization code is independent from SASL, and is used by a
number of features: SASL authz, RFC 4370, identity assertion, dgIdentity
and more.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: ando@sys-net.it
-----------------------------------