From: Norbert K. <nor...@da...> - 2002-05-07 13:45:35

--On Tuesday, 7 May 2002 13:38 +0100 Graham Barr <gb...@po...> wrote:

>> RFC2222 says that in the EXTERNAL mechanism "The client sends an initial
>> response with the authorization identity." The attached patch does this.
>> An authorization identity can be set with the 'authname' callback.
>
> Have you tried this, as it does not look right to me,

Yes, it works with OpenLDAP 2.1.0. (Well, I do get a 'not authorized' when
using an authorization identity that is different from the authentication
identity, but that is an OpenLDAP issue. I have yet to set up
saslAuthTo/From).

> But Chris could
> confirm as he wrote the original. You have changed this from sending
> the auth as a response to sending it with the initial request.

I also checked with ssldump. In the old version, the authorization identity
does not get sent, because EXTERNAL has only one roundtrip.

> The reason it was using user, was for compatibility with previous SASL
> implementation.
>
> Also, it needs to work the same as the Authen::SASL::Cyrus package
> (I have CC'd the author), so if someone can confirm how that works,
> we can make it match.

-- 
Dipl.-Inform. Norbert Klasen
DAASI International GmbH
Wilhelmstr. 106
72074 Tübingen
Germany
phone: +49 7071 29 70336
fax: +49 7071 29 5114
email: nor...@da...
web: http://www.daasi.de
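
Added example, not part of the original message or of Authen::SASL: a Python sketch of the LDAP BindRequest that carries the SASL EXTERNAL initial response, with a parser for checking a decrypted bind for the authorization identity. The function names and the sample authzid are constructed; the layout follows the BindRequest and SaslCredentials definitions in RFC 4511.

```python
# Added illustration; names and sample values are constructed, not from Authen::SASL.

def _len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, value):
    return bytes([tag]) + _len(len(value)) + value

def external_bind(msgid, authzid=None):
    """Build a bind with the EXTERNAL initial response (assumes msgid < 128)."""
    sasl = _tlv(0x04, b"EXTERNAL")                  # mechanism
    if authzid is not None:                         # credentials are OPTIONAL
        sasl += _tlv(0x04, authzid.encode("utf-8"))
    bind = _tlv(0x02, b"\x03") + _tlv(0x04, b"") + _tlv(0xA3, sasl)
    return _tlv(0x30, _tlv(0x02, bytes([msgid])) + _tlv(0x60, bind))

def _read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def sasl_from_bind(pdu):
    """Return (mechanism, credentials or None) from a BindRequest PDU."""
    _, msg, _ = _read(pdu, 0)
    _, _, p = _read(msg, 0)                         # messageID
    tag, bind, _ = _read(msg, p)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, p = _read(bind, 0)                        # version
    _, _, p = _read(bind, p)                        # name
    tag, sasl, _ = _read(bind, p)
    if tag != 0xA3:
        raise ValueError("not a SASL bind")
    _, mech, p = _read(sasl, 0)
    creds = _read(sasl, p)[1] if p < len(sasl) else None
    return mech.decode(), creds
```

A result of `("EXTERNAL", None)` means the bind carried no initial response, so with a single round trip the server never receives an authorization identity.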