
Proxy Authorization Source vs. Destination

I'm a little confused by the wording in the following blurb from the
online Admin 2.2 guide, regarding Proxy Authorization rules:

"Destination rules are extremely powerful. If ordinary users have access
to write the saslAuthzTo attribute in their own entries, then they can
write rules that would allow them to authorize as anyone else. As such,
when using destination rules, the saslAuthzTo attribute should be
protected with an ACL that only allows privileged users to set its

A little earlier in the guide, the phrase "Destination rule" was used in
reference to the saslAuthzFrom attribute, and "Source rule" in reference
to the saslAuthzTo attribute. I understand what the above quoted
paragraph is trying to say, but the use of "Destination" here instead of
"Source" seems reversed to me. Could someone clarify for me, just to aid
my own understanding of the process?

Thank you,

Matthew J. Smith
University of Connecticut ITS
This message sent at Wed Feb 23 13:51:33 2005
PGP Key: http://web.uconn.edu/dotmatt/matt.asc
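
The ACL protection that the quoted guide paragraph calls for could look like the following slapd.conf fragment. This is an added example, not part of the original message or of the Admin Guide; the suffix dc=example,dc=com and the admin DN are placeholders assumed for illustration.

```conf
# slapd.conf fragment (constructed example; all DNs are placeholders)

# Weak: with only a catch-all rule like this one, every user may write
# any attribute of their own entry, saslAuthzTo included, and can thus
# add a rule that authorizes them as anyone else:
#
#   access to *
#       by self write
#       by * read

# Hardened: restrict saslAuthzTo explicitly. slapd stops at the first
# "access to" clause that matches, so this clause must come before any
# broader rule.
access to attrs=saslAuthzTo
    by dn.exact="cn=admin,dc=example,dc=com" write
    by * read

# The general rule follows and no longer governs saslAuthzTo.
access to *
    by self write
    by * read
```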
