[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL access question using JNDI solved

At 10:48 AM 2002-02-08, Will Holcomb wrote:
>I sent mail eariler trying to figure out the JNDI access to sasl. I 
>eventually just started putting random things in and found that instead 
>environment.put(Context.SECURITY_PRINCIPAL, "uid=honors + realm=odin");
>environment.put(Context.SECURITY_PRINCIPAL, "honors");
>seems to work.

Yes, but that's not the right way....  Unless you are doing
proxy authorization, you should configure the client such that
no (or empty) authorization identity is sent.  This tells the
server to derive the authorization identity from the
authentication identity.