[Psi-devel] Fwd: [jdev] Are there any clients supporting SASL authorization identities?

Justin Karneges justin-psi2 at affinix.com
Tue Jul 25 09:43:37 PDT 2006


SASL separates authentication and authorization.  The username and password 
form the authentication, which is simply proving who you are.  An 
authorization id (sometimes abbreviated as "authzid") can also be provided, 
if you want to be authorized for something other than the default.

How an authzid works is protocol-specific.  In XMPP, it is a JID.  If 
unspecified, you log in using the default JID for your username (which is 
username at domain).  By using authzid, you could attempt to log in as another 
JID.

This means that an admin could log in using his usual admin credentials (same 
password), but authorize as another user's JID.

I'm pretty sure Iris can do this, or if not then it is a couple of uncomments 
away.  I'm not sure of the best way to add the authzid field into Psi though.

-Justin

On Monday 24 July 2006 18:14, Hal Rottenberg wrote:
> Will we have this?  WTH is it?  ;)
>
> ---------- Forwarded message ----------
> From: Matthias Wimmer <m at tthias.eu>
> Date: Jul 24, 2006 6:08 PM
> Subject: [jdev] Are there any clients supporting SASL authorization
> identities?
> To: jdev at jabber.org
>
>
> Hi!
>
>
> I just added support for SASL authorization identities to my client
> connection manager (jadc2s). This allows one to authenticate as an admin
> user to the Jabber server, but to authorize as someone else.
> I'd now like to know if there is already a client that supports having
> a different authorization identity. Currently I could only test this
> feature using telnet and sending the XML myself.
>
>
> Matthias
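
The authentication/authorization split described in the message above, as an added example that is not part of the original post or of Psi, Iris or jadc2s: a server-side check for the SASL PLAIN mechanism (RFC 4616, assumed here because the thread names no mechanism), whose response carries `authzid NUL authcid NUL passwd`. The function names, the admin list and the sample JIDs are constructed for illustration, and the password check itself is assumed to have already succeeded.

```python
import base64

class AuthzDenied(Exception):
    """The authenticated user may not act as the requested JID."""

def encode_plain(authzid, authcid, passwd):
    """Build the base64 payload a client would put inside <auth mechanism='PLAIN'>."""
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(b64_response):
    """Decode a SASL PLAIN response into (authzid, authcid, passwd)."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN response needs exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd are mandatory")
    return authzid, authcid, passwd

def effective_jid(authzid, authcid, domain, admins):
    """Return the JID to bind the session to, once the password has been verified.

    Comparison is by lower-casing only; a real server would apply the JID
    stringprep profiles before comparing.
    """
    default = f"{authcid}@{domain}".lower()
    requested = authzid.lower()
    if not requested or requested == default:
        return default  # no authzid, or the user's own JID: nothing special
    # Acting as another JID is the privileged case: admins only, local domain only.
    if default not in admins:
        raise AuthzDenied(f"{default} may not authorize as {requested}")
    if requested.count("@") != 1 or requested.split("@")[1] != domain.lower():
        raise AuthzDenied(f"{requested} is not a bare JID on {domain}")
    return requested

# Constructed sample data
ADMINS = {"admin@example.org"}

if __name__ == "__main__":
    payload = encode_plain("juliet@example.org", "admin", "s3cret")
    authzid, authcid, _ = parse_plain(payload)
    print(effective_jid(authzid, authcid, "example.org", ADMINS))
```

Logging every session where the returned JID differs from the default one gives an audit trail of who acted as whom.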

