jabber + sasl/gssapi (was: [Gaim-commits] CVS: gaim/src/protocols/jabber auth.c, 1.42, 1.43)
Simon Wilkinson
simon at sxw.org.uk
Wed Oct 24 16:58:23 EDT 2007
On 24 Oct 2007, at 21:28, Greg Hudson wrote:
> The bug here is in Openfire, and is fixed for their 3.4 release.
Yes - from memory Openfire's GSSAPI implementation returned
user at REALM as the authentication identity, but the rest of their code
expected this to just be a username. Specifying an authorization
identity works round this, as it forces the SASL layer to perform the
mapping.
> (I don't currently understand the reasons why we're setting an empty
> user and how that would interact with PLAIN auth in Cyrus SASL.)
I think some servers opt out of the entire authentication =>
authorization mapping issue by just rejecting any connection that
specifies an authorization identity.
S.
More information about the Devel
mailing list