[Fedora-directory-users] SASL authentication
Josh Kelley
joshkel at gmail.com
Fri Sep 8 14:35:14 UTC 2006
On 9/7/06, Richard Megginson <rmeggins at redhat.com> wrote:
> I checked RFC 4513 - http://www.ietf.org/rfc/rfc4513.txt - it doesn't
> say anything about the correct result code to return in this case, other
> than it is an error if anything other than success or bindinprogress is
> returned. You might want to ask on ldap at umich.edu or on
> IRC.freenode.net #ldap if there is a standard that covers this case.
Thanks for the suggestion. I'll ask.
I skimmed RFC 4513 (sans coffee) and didn't find the section you're
referring to. I did see that RFC 4422 (last paragraph of section 3.6)
seems to suggest that OS X's and OpenLDAP's behavior is legitimate and
useful.
Even if the standards permit either behavior (and even if it's
slightly more secure to not reveal additional information, as David
Boreham pointed out), wouldn't it be worth having FDS compatible with
OpenLDAP and OS X?
Josh Kelley
More information about the Fedora-directory-users
mailing list