[Psi-devel] [bug] qca-sasl request authzid from its user
textshell-I1QKlO at neutronstar.dyndns.org
Fri Dec 8 06:10:28 PST 2006
On Fri, Dec 08, 2006 at 04:03:08PM +0200, Norman Rasmussen wrote:
> On 12/8/06, Norman Rasmussen <norman at rasmussen.co.za> wrote:
> > On 12/8/06, textshell-I1QKlO at neutronstar.dyndns.org
> > <textshell-I1QKlO at neutronstar.dyndns.org> wrote:
> > > qca-sasl always requests an authzid from its users.
> > > This leads psi to send an authzid in some cases even if the user didn't specify one, that's asking for trouble IMO.
> > >
> > > I think it's wrong to set authzid to the jid without the user requesting authzid being set.
>
> re: muc discussion - you're 100% right. If the Psi user doesn't
> explicitly set the authzid, then it should not be used during sasl -
> i.e. field should be missing/null.
I just checked the relevant SASL RFCs, they are pretty clear that authzid
handling is not required for server implementations and those servers will
reject any SASL exchanges with authzid set.
"""If the client specifies it [authzid], and the server does not support
it, then the response-value calculated on the server will not match the one
calculated on the client and authentication will fail. """ [DIGEST-MD5
draft]
"""As with other SASL mechanisms, the client does not provide an
authorization identity when it wishes the server to derive an identity from
the credentials and use that as the authorization identity.""" [SASL-PLAIN,
RFC4616]
The MUC discussion with Norman is found at
http://chatlogs.jabber.ru/psi%40conference.jabber.ru/2006/12/08.html#16:45:43
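
The two quoted passages, as an added example that is not part of the original post and not Psi or qca-sasl code: it builds the SASL PLAIN message of RFC 4616 with and without an authzid, and computes the DIGEST-MD5 response-value (RFC 2831 construction, qop=auth) to show that a server which leaves authzid out of its calculation gets a different value. The user, realm, password, nonces and the server function are constructed for illustration.

```python
import hashlib
import hmac

def plain_message(authcid, passwd, authzid=None):
    """RFC 4616: message = [authzid] NUL authcid NUL passwd."""
    # authzid=None means "not provided": the first field stays empty and the
    # server derives the authorization identity from the credentials.
    fields = (authzid or "", authcid, passwd)
    return b"\0".join(f.encode("utf-8") for f in fields)

def digest_md5_response(user, realm, passwd, nonce, cnonce, nc, digest_uri,
                        authzid=None):
    """DIGEST-MD5 response-value for qop=auth."""
    def hexmd5(data):
        return hashlib.md5(data).hexdigest().encode()
    # A1 = H(user:realm:passwd) ":" nonce ":" cnonce [ ":" authzid ]
    a1 = hashlib.md5(f"{user}:{realm}:{passwd}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    if authzid is not None:
        a1 += b":" + authzid.encode()   # only when the client specified one
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = hexmd5(a1) + f":{nonce}:{nc}:{cnonce}:auth:".encode() + hexmd5(a2)
    return hashlib.md5(kd).hexdigest()

# Constructed sample values, not taken from any real exchange.
SAMPLE = dict(user="juliet", realm="example.org", passwd="r0m30",
              nonce="n0nc3AAAA", cnonce="cn0nc3BBBB", nc="00000001",
              digest_uri="xmpp/example.org")
JID = "juliet@example.org"

def server_without_authzid_accepts(client_response):
    # Hypothetical server that does not support authzid: it computes the
    # expected response-value without that field and compares.
    expected = digest_md5_response(**SAMPLE)
    return hmac.compare_digest(client_response, expected)

if __name__ == "__main__":
    print(plain_message("juliet", "r0m30"))        # authzid omitted
    print(plain_message("juliet", "r0m30", JID))   # authzid forced to the JID
    for authzid in (None, JID):
        resp = digest_md5_response(**SAMPLE, authzid=authzid)
        print(authzid, resp, server_without_authzid_accepts(resp))
```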