
Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh

Kurt D. Zeilenga wrote:

At 06:14 AM 6/19/2004, Pierangelo Masarati wrote:

ando@OpenLDAP.org wrote:

Added Files:
      test028-idassert  NONE -> 1.1

I just found out that native SASL authz doesn't work with CRAM-MD5,
i.e. the bound identity remains that of the incoming authcDN;
with DIGEST-MD5 the bound identity is turned into that of the authzDN
specified via SASL. I'm not so familiar with SASL details, but I thought
the authz did not depend on the specific mech.

Not all SASL mechanisms support proxy authorization...

I guessed something like that, and I was going to look for a means to detect
what mechs support it, because the idassert code currently assumes that when
configured to use SASL method authz will be done natively by SASL.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
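
The mechanism dependence discussed in this thread comes from the client message formats, shown here as an added example that is not part of the original message or of the OpenLDAP code. It follows the formats of RFC 2195 (CRAM-MD5), RFC 4616 (PLAIN) and RFC 2831 (DIGEST-MD5), and goes beyond the thread by including PLAIN. The function names, credentials, DNs and the sample DIGEST-MD5 response are constructed for illustration.

```python
import hmac
import re

def cram_md5_response(user: str, password: str, challenge: bytes) -> bytes:
    # RFC 2195: "<user> <hex HMAC-MD5(password, challenge)>".
    # The format has no field for an authorization identity.
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return f"{user} {digest}".encode()

def plain_response(authzid: str, authcid: str, password: str) -> bytes:
    # RFC 4616: [authzid] NUL authcid NUL passwd
    return "\0".join((authzid, authcid, password)).encode()

# Constructed DIGEST-MD5 digest-response (RFC 2831); the response value is a
# placeholder, only the directive layout matters here.
SAMPLE_DIGEST_RESPONSE = (
    b'username="proxy",realm="example.com",nonce="abc",cnonce="def",'
    b'nc=00000001,qop=auth,digest-uri="ldap/ldap.example.com",'
    b'response=00000000000000000000000000000000,'
    b'authzid="dn:cn=target,dc=example,dc=com"'
)

def identities(mech: str, response: bytes):
    """Return (authcid, authzid or None) as carried in the client message."""
    text = response.decode()
    if mech == "CRAM-MD5":
        user, _, _digest = text.rpartition(" ")  # user names may contain spaces
        return user, None                        # nowhere to put an authzid
    if mech == "PLAIN":
        authzid, authcid, _password = text.split("\0")
        return authcid, authzid or None
    if mech == "DIGEST-MD5":
        # Comma-separated directives; quoted values may contain commas.
        pairs = re.findall(r'([\w-]+)=("[^"]*"|[^,]*)', text)
        directives = {key: value.strip('"') for key, value in pairs}
        return directives["username"], directives.get("authzid")
    raise ValueError(f"unknown mechanism: {mech}")

def bound_identity(mech: str, response: bytes) -> str:
    # Identity a server can derive from the SASL exchange alone.
    authcid, authzid = identities(mech, response)
    return authzid or authcid

if __name__ == "__main__":
    cram = cram_md5_response("proxy", "secret", b"<1.2@ldap.example.com>")
    plain = plain_response("dn:cn=target,dc=example,dc=com", "proxy", "secret")
    for mech, msg in (("CRAM-MD5", cram), ("PLAIN", plain),
                      ("DIGEST-MD5", SAMPLE_DIGEST_RESPONSE)):
        print(f"{mech:11} -> bound as {bound_identity(mech, msg)}")
```

A client that needs an asserted identity with a mechanism like CRAM-MD5 has to convey it outside the SASL exchange, since the mechanism itself cannot carry one.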