RE: commit: ldap/libraries/libldap cyrus.c



> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]

> Actually, portions of RFC 2251 apply here as well.  Personally,
> I find the text is quite ambiguous here.  We likely should
> raise some clarification points to LDAPBIS.

I didn't see anything particularly relevant in RFC 2829. Now that you mention
it, I see in RFC 2251 (sect 4.2.1) that a client MUST establish a new
connection if the chosen SASL mechanism doesn't support the changing of
credentials. In our case, whether the mechanism supports it or not, the SASL
library really doesn't.

It seems to me that the current text in 4.2.1 is overly restrictive. The
approach that is implemented in these patches is as secure as dropping
the connection and starting over. I would advocate this method for LDAPBIS.

> Kurt
>
> At 06:38 AM 4/30/2003, hyc@OpenLDAP.org wrote:
> >Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap
> >
> >Modified Files:
> >        cyrus.c  1.83 -> 1.84
> >
> >Log Message:
> >ITS#2424 reset SASL on an existing connection

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support