RE: saslAuthz{To|From}
> There's a bug in here somewhere. If the Cyrus library grabbed the name
> and parsed a realm from it, then it should not have appeared redundantly
> when it got to us. Either it was provided in an explicit realm
> parameter, or it was left in the username, but not both. It also seems
> to me that they've been deprecating the use of the explicit Realm
> parameter, and just appending "@realm" to usernames.
This assumes that the domain of an email used as userid
is the same as the realm of the user. Sounds a bit too
optimistic.
>
> I note that, having created a user "hyc" with realm "fred" in my
> /etc/sasldb2, this works:
> ./ldapsearch -Y DIGEST-MD5 -U hyc@fred
>
> but this doesn't:
> ./ldapsearch -Y DIGEST-MD5 -U hyc -R fred
> ("fred" is not the default realm for this server...)
>
> On the client side, the SASL library never asks for the SASL_REALM
> prompt, so the -R argument is ignored. On the server, the SASL digestmd5
> plugin always parses the realm out of the provided authIDs.
>
> If we're going to go down this road, somebody has to get Cyrus to
> cooperate. Right now what we have is unusable.
I thought you had a good relationship with the Cyrus people ;)
I guess we should discuss the problem with them, and possibly
bring in other developers who might be affected by our code
changes ... time for an i.d.?
Ando.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it