DIGEST-MD5 authzid question
Dave Cridland
dave at cridland.net
Fri Feb 2 12:06:46 EST 2007
On Fri Feb 2 16:48:59 2007, Remko Tronçon wrote:
> Does this mean that Cyrus compares the authorization id against the
> authentication id, and doesn't add it to the challenge if they are
> equal? If so, why is this done?
I would guess that it's to avoid the case where a server
implementation always rejects any request for an authzid.
> Because Section 5 of RFC2222bis says
> that "A protocol profile MUST specify the form of the authorization
> identity (since it is protocol specific, as opposed to the
> authentication identity, which is mechanism specific) and how
> authorization identities are to be compared.", so comparing
> authorization and authentication ids sounds illegal in the first
> place.
In practice, they're really only distinct namespaces in LDAP.
In XMPP and mail, the default authzid is basically the canonicalized
authid, and the canonicalization process is pretty well a no-op.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade