[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5555) authzTo ACL check for wrong principal

andrew.findlay@skills-1st.co.uk wrote:

> It might be better still to factor out the concept of proxy
> authorisation and its control from the SASL authz mechanism, as it
> applies also to the LDAP Proxied Authorization Control.
> I have not done this as I was unsure where best to put it.

Not sure what you mean there, but I believe the fact that the 
implementation is in saslauth.c is for mere historical reasons.  Right 
now, authorization code is independent from SASL, and is used by a 
number of features: SASL authz, RFC 4370, identity assertion, dgIdentity 
and more.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   ando@sys-net.it