RE: saslAuthz{To|From}
> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> > There's a bug in here somewhere. If the Cyrus library grabbed the name
> > and parsed a realm from it, then it should not have appeared redundantly
> > when it got to us. Either it was provided in an explicit realm
> > parameter, or it was left in the username, but not both. It also seems
> > to me that they've been deprecating the use of the explicit Realm
> > parameter, and just appending "@realm" to usernames.
>
> This assumes that the domain of an email used as userid
> is the same as the realm of the user. Sounds a bit too
> optimistic.
Definitely.
> > I note that, having created a user "hyc" with realm "fred" in my
> > /etc/sasldb2, this works:
> > ./ldapsearch -Y DIGEST-MD5 -U hyc@fred
> >
> > but this doesn't:
> > ./ldapsearch -Y DIGEST-MD5 -U hyc -R fred
> > ("fred" is not the default realm for this server...)
More clarification: the -R realm is only used by the client if the server
provides multiple realms to choose from. On the server, you can only use one
realm at a time. So the -R realm is totally useless.
> > If we're going to go down this road, somebody has to get Cyrus to
> > cooperate. Right now what we have is unusable.
>
> I thought you were in good relationship with Cyrus people ;)
We'll see. ;) I filed a bug with them, #2326 on
http://bugzilla.andrew.cmu.edu
> I guess we should discuss the problem with them, and possibly
> bring in other developers who might be affected by our code
> changes ... time for an i.d.?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support