[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inconsistency with failed binds



>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 12/01 2:02 PM >>>
>[Protocol] 4.2.1, last paragraph, says:
>   if the bind fails, the connection will be treated as anonymous.
>
>However, the state machine in [Authmeth] 6.4 shows several instances of
>failed binds (action A2) resulting in authenticated state (state S4-S8).

I've changed the text to read: 
"Authentication from earlier binds are subsequently ignored. A failed or abandoned Bind Operation has the effect of leaving the connection in an anonymous state. To arrive at a known authentication state after abandoning a bind operation, clients may either unbind, rebind, or make use of the BindResponse."

Hopefully this covers it.

>BTW, there is no action defined in [Authmeth] 6.2 for a bind with
>incorrect credentials, only without credentials when the server requires
>them.
>
>Maybe action A1 (anonymous bind) should be extended to cover that,
>and maybe A2 should be merged into it as well?

I'll let Roger address those

>-- 
>Hallvard

Thanks. Jim