I'm a little confused by the wording in the following blurb from the online Admin 2.2 guide, regarding Proxy Authorization rules: "Destination rules are extremely powerful. If ordinary users have access to write the saslAuthzTo attribute in their own entries, then they can write rules that would allow them to authorize as anyone else. As such, when using destination rules, the saslAuthzTo attribute should be protected with an ACL that only allows privileged users to set its values." A little earlier in the guide, the phrase "Destination rule" was used in reference to the saslAuthzFrom attribute, and "Source rule" in reference to the saslAuthzTo attribute. I understand what the above quoted paragraph is trying to say, but the use of "Destination" here instead of "Source" seems reversed to me. Could some clarify for me, just to aid my own understanding of the process? Thank you, -Matt Matthew J. Smith University of Connecticut ITS This message sent at Wed Feb 23 13:51:33 2005 PGP Key: http://web.uconn.edu/dotmatt/matt.asc
Attachment:
signature.asc
Description: This is a digitally signed message part