[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: saslAuthz{To|From}
Kurt D. Zeilenga wrote:
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:
dealing with realms is already supported: "u:jane@realm"
(unless we accept "@" as a valid char in a userid, but
this would lead to endless discussion, and it's already
done somewhere else in the code :)
@ is prefectly valid character in a userid.
@ is prefectly valid character in a realm.
Hence, writing userid@realm is a really bad idea.
I knew I was entering a minefield. However,
this is how user and realm are currently
indicated in most software, including slapd,
e.g. at leats in slap_sasl_getdn().
So what? Let me forst implement my idea,
then we can discuss this. It's likely to
seamless to move realm and mech before
the colon in the "u:<user>" syntax.
BTW, as I just replied to ITS#2871, there
is no way to explicitly indicate a realm into
a proxyAuthz request when the user is indicated
as "u:<user>". This extension would allow it...
Ando.
--
Dr. Pierangelo Masarati mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c. http://www.sys-net.it
+----------------------------------------------------------------------------+
| SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497 |
+----------------------------------------------------------------------------+