DIGEST-MD5 authzid question
Kurt Zeilenga
kurt at OpenLDAP.org
Fri Feb 2 12:35:30 EST 2007
On Feb 2, 2007, at 9:06 AM, Dave Cridland wrote:
> In practise, they're really only distinct namespaces in LDAP.
and, in LDAP, they generally should not match... if they do,
it's likely better not to send the authzid (to avoid sending
a malformed LDAP authzId). The only (rare) case where this
would be bad is when !strcmp(authcid,authzid) but USER(authcid)
!= USER(authzid). That is, authcid="u:foo", authzid="u:foo",
but the user represented by the authcid is not the same as
the user represented by the authzid.
-- Kurt
More information about the Cyrus-sasl
mailing list