Re: DIGEST-MD5 authzid question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri Feb  2 20:27:30 2007, Remko Tronçon wrote:
I would guess that it's to avoid the case where a server
implementation always rejects any request for an authzid.

Well, I have this problem with an XMPP server, but in XMPP, the
authzid for a user is different from its authid, so the check doesn't
help. Luckily, an authzid in XMPP can never be used as an authid, so
we don't have a problem with the equality check.

Oh. Then my client code's wrong - I've been cheerfully sending a full jid, but yes, RFC3920 6.1.6 clearly states I'm wrong to do so. That said, I'm more than a little surprised, since the domain will end up filled in by the server based on previous stuff anyway.

(My client code does seem to interoperate, FWIW).

Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxx
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux