[Fedora-directory-users] SASL authentication
David Boreham
david_list at boreham.org
Fri Sep 8 15:04:14 UTC 2006
> I skimmed RFC 4513 (sans coffee) and didn't find the section you're
> referring to. I did see that RFC 4422 (last paragraph of section 3.6)
> seems to suggest that OS X's and OpenLDAP's behavior is legitimate and
> useful.
I'm not sure I read that there. I see this :
It is also important that the server can be configured such that the outcome
message will not distinguish between a valid user with invalid credentials
and an invalid user.
This is eactly what I was saying and would appear to be the opposite of
what OpenLDAP have implemented.
Back and bit in that same paragraph it says :
The outcome is not successful if
...
- the client's credentials could not be verified,
which again seems to be in line with the FDS implementation because
it tells the client that the authentication attempt was unsuccessful.
More information about the Fedora-directory-users
mailing list