
Re: saslAuthz{To|From}



Kurt D. Zeilenga wrote:
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:

dealing with realms is already supported: "u:jane@realm"
(unless we accept "@" as a valid char in a userid, but
this would lead to endless discussion, and it's already
done somewhere else in the code :)


@ is perfectly valid character in a userid.
@ is perfectly valid character in a realm.

Hence, writing userid@realm is a really bad idea.


I knew I was entering a minefield. However, this is how user and realm are currently indicated in most software, including slapd, e.g. at least in slap_sasl_getdn().

So what?  Let me first implement my idea,
then we can discuss this.  It's likely to
be seamless to move realm and mech before
the colon in the "u:<user>" syntax.

BTW, as I just replied to ITS#2871, there
is no way to explicitly indicate a realm into
a proxyAuthz request when the user is indicated
as "u:<user>".  This extension would allow it...

Ando.

--
Dr. Pierangelo Masarati         mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.   http://www.sys-net.it
+----------------------------------------------------------------------------+
|   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497    |
+----------------------------------------------------------------------------+
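
The ambiguity discussed in this message, as an added example that is not part of the original post and is not slapd code: when "@" is legal in both userid and realm, one "u:<user>@<realm>" string maps to more than one (user, realm) pair, while a form with the realm before the colon leaves the user untouched. The "u/<realm>:<user>" layout, the function names and the sample identities are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Split "u:<user>@<realm>" at the idx-th '@' (0-based) that has text on
 * both sides. Returns 0 on success, -1 if no such boundary exists. */
int split_at(const char *id, int idx, char *user, char *realm, size_t cap)
{
    if (strncmp(id, "u:", 2) != 0) return -1;
    const char *s = id + 2;
    for (const char *p = strchr(s, '@'); p; p = strchr(p + 1, '@')) {
        if (p == s || p[1] == '\0') continue;   /* empty user or realm */
        if (idx-- > 0) continue;                /* not the boundary asked for */
        size_t ulen = (size_t)(p - s);
        if (ulen >= cap || strlen(p + 1) >= cap) return -1;
        memcpy(user, s, ulen);
        user[ulen] = '\0';
        strcpy(realm, p + 1);
        return 0;
    }
    return -1;
}

/* Assumed layout "u/<realm>:<user>" (realm may not contain ':'): the first
 * ':' ends the prefix and the user is copied verbatim, '@' included. */
int split_prefixed(const char *id, char *user, char *realm, size_t cap)
{
    const char *c = strchr(id, ':');
    if (strncmp(id, "u/", 2) != 0 || !c || c[1] == '\0') return -1;
    size_t rlen = (size_t)(c - (id + 2));
    if (rlen == 0 || rlen >= cap || strlen(c + 1) >= cap) return -1;
    memcpy(realm, id + 2, rlen);
    realm[rlen] = '\0';
    strcpy(user, c + 1);
    return 0;
}

int main(void)
{
    const char *id = "u:jane@example.com@EXAMPLE.ORG";  /* constructed sample */
    char u[128], r[128];
    for (int i = 0; split_at(id, i, u, r, sizeof u) == 0; i++)
        printf("reading %d: user=%s realm=%s\n", i, u, r);
    if (split_prefixed("u/EXAMPLE.ORG:jane@example.com", u, r, sizeof u) == 0)
        printf("prefixed:  user=%s realm=%s\n", u, r);
    return 0;
}
```

Both readings of the first string are syntactically valid, so two components that split at different "@" characters would authorize different identities from the same input.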