[Date Prev][Date Next]
Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
Kurt D. Zeilenga wrote:
At 06:14 AM 6/19/2004, Pierangelo Masarati wrote:I guessed something like that, and I was going to look for a means to detect
I just found out that native SASL authz doesn't work with CRAM-MD5,
test028-idassert NONE -> 1.1
i.e. the bound identity remains that of the incoming authcDN;
with DIGEST-MD5 the bound identity is turned into that of the authzDN
specified via SASL. I'm not sso familiar with SASL details, but I thought
the authz did not depend on the specific mech.
Not all SASL mechanisms support proxy authorization...
what mechs support it, because the idassert code currently assumes that
configured to use SASL method authz will be done natively by SASL.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497