[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5555) authzTo ACL check for wrong principal

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5555) authzTo ACL check for wrong principal
From: ando@sys-net.it
Date: Mon, 16 Jun 2008 17:28:20 GMT

andrew.findlay@skills-1st.co.uk wrote:

> It might be better still to factor out the concept of proxy
> authorisation and its control from the SASL authz mechanism, as it
> applies also to the LDAP Proxied Authorization Control.
> I have not done this as I was unsure where best to put it.

Not sure what you mean there, but I believe the fact that the 
implementation is in saslauth.c is for mere historical reasons.  Right 
now, authorization code is independent from SASL, and is used by a 
number of features: SASL authz, RFC 4370, identity assertion, dgIdentity 
and more.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   ando@sys-net.it
-----------------------------------

Prev by Date: Re: (ITS#5555) authzTo ACL check for wrong principal
Next by Date: Re: (ITS#5555) authzTo ACL check for wrong principal
Index(es):
- Chronological
- Thread