[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: proxy authentication

This is basically the same as passing through the SASL
bind request/responses EXCEPT the authenticating server
knows it doing for the middle box and hence can prepare
a response which can be relayed to the end client.

(This could be done with bind+controls instead of an exop).


At 04:20 PM 2002-06-16, Kurt D. Zeilenga wrote:
>another approach would be to have an extended operation
>which would an application server could use to proxy the
>SASL exchanges.  That is, an exop whose request data
>was the SASL request data provided to application server
>(from the application client) and whose response data
>was the SASL response data to be provided to the
>application client.  The exop could also carry, on
>the last exchange response, the authentication and
>authorization identity established.