[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: saslAuthz{To|From}

> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]

> > There's a bug in here somewhere. If the Cyrus library
> grabbed the name
> > and parsed a realm from it, then it should not have
> appeared redundantly
> > when it got to us. Either it was provided in an explicit realm
> > parameter, or it was left in the username, but not both. It
> also seems
> > to me that they've been deprecating the use of the explicit Realm
> > parameter, and just appending "@realm" to usernames.
> This assumes that the domain of an email used as userid
> is the same as the realm of the user.  Sounds a bit too
> optimistic.


> > I note that, having created a user "hyc" with realm "fred" in my
> > /etc/sasldb2, this works:
> > 	./ldapsearch -Y DIGEST-MD5 -U hyc@fred
> >
> > but this doesn't:
> > 	./ldapsearch -Y DIGEST-MD5 -U hyc -R fred
> > ("fred" is not the default realm for this server...)

More clarification: the -R realm is only used by the client if the server
provides multiple realms to choose from. On the server, you can only use one
realm at a time. So the -R realm is totally useless.

> > If we're going to go down this road, somebody has to get Cyrus to
> > cooperate. Right now what we have is unusable.
> I thought you were in good relationship with Cyrus people ;)

We'll see. ;)  I filed a bug with them, #2326 on

> I guess we should discuss the problem with them, and possibly
> bring in other developers which might be affected by our code
> changes ...  time for an i.d.?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support