Cyrus-SASL 2.1.22 DIGEST-MD5 and RFC2831

Andreas Winkelmann ml at awinkelmann.de
Sun Jan 28 16:16:46 EST 2007


Hi all.

In another list someone shows an Error-Message from the digest-md5 Plugin:

"xxx: realm changed: authentication aborted".

This happens if the Realm (Server->Client) in Step 1 is diffrent from the 
Realm (Client->Server) in Step 2.

In RFC 2831 the Description of the Realm out of Step 2 is described as:

   realm
      The realm containing the user's account. This directive is
      required if the server provided any realms in the
      "digest-challenge", in which case it may appear exactly once and
      its value SHOULD be one of those realms. If the directive is
      missing, "realm-value" will set to the empty string when computing
      A1 (see below for details).

The Value in Step 2 "SHOULD" be one of the Values passed in Step 1. 
The "SHOULD" is realized as a "MUST" in Cyrus-SASL. Is this really ok or is 
this something which should better be changed?

-- 
	Andreas


More information about the Cyrus-sasl mailing list