[Date Prev][Date Next]
Re: proxy authentication
This is basically the same as passing through the SASL
bind request/responses EXCEPT the authenticating server
knows it doing for the middle box and hence can prepare
a response which can be relayed to the end client.
(This could be done with bind+controls instead of an exop).
At 04:20 PM 2002-06-16, Kurt D. Zeilenga wrote:
>another approach would be to have an extended operation
>which would an application server could use to proxy the
>SASL exchanges. That is, an exop whose request data
>was the SASL request data provided to application server
>(from the application client) and whose response data
>was the SASL response data to be provided to the
>application client. The exop could also carry, on
>the last exchange response, the authentication and
>authorization identity established.