[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslAuthz{To|From}

Kurt D. Zeilenga wrote:
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:

dealing with realms is already supported: "u:jane@realm"
(unless we accept "@" as a valid char in a userid, but
this would lead to endless discussion, and it's already
done somewhere else in the code :)

@ is prefectly valid character in a userid.
@ is prefectly valid character in a realm.

Hence, writing userid@realm is a really bad idea.

I knew I was entering a minefield. However, this is how user and realm are currently indicated in most software, including slapd, e.g. at leats in slap_sasl_getdn().

So what?  Let me forst implement my idea,
then we can discuss this.  It's likely to
seamless to move realm and mech before
the colon in the "u:<user>" syntax.

BTW, as I just replied to ITS#2871, there
is no way to explicitly indicate a realm into
a proxyAuthz request when the user is indicated
as "u:<user>".  This extension would allow it...


Dr. Pierangelo Masarati         mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.   http://www.sys-net.it
|   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497    |