Hi,

On 5/5/05, Chris Betts wrote:
> Hi Folks,
>
> I'm utterly ignorant about SASL at the server end, but at the client
> end all I had to do was write my own ssl socket factory (just extending
> the default Sun version) and manually feed it the client cert + key.
> At the server end can you do the same sort of trick in reverse and
> eavesdrop on the exchange to get the client certificate, and then use
> that to authenticate? I guess I'm only thinking of the SASL external
> certificate authentication - I don't know about the other versions...
>

Basically the Java SASL framework allows registration of callback handlers et al. If the EXTERNAL mechanism is being used, there would be a way to get the client credentials from the lower layers (TLS/SSL). Refer to section 9 of RFC 2829 and section 7.4 of RFC 2222 for more info.

--snip--

Regards,
Vinod.
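
The approach described in the reply above, as an added example that is not code from this thread or from any SASL provider: a server-side EXTERNAL mechanism that takes the client identity from the already-established TLS session instead of from the SASL exchange. The class name `ExternalSaslServer` and the exact-match authorization policy are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

// Hypothetical EXTERNAL mechanism for the server side (illustrative, not a JDK class).
// The authentication identity is whatever the TLS layer already verified.
public final class ExternalSaslServer implements SaslServer {
    private final String tlsIdentity; // subject DN of the verified client certificate
    private boolean complete;

    public ExternalSaslServer(SSLSession session) throws SaslException {
        try {
            // getPeerCertificates() throws if the client presented no certificate
            // or the TLS layer could not verify it; element 0 is the client's own cert.
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            this.tlsIdentity = cert.getSubjectX500Principal().getName();
        } catch (SSLPeerUnverifiedException e) {
            throw new SaslException("EXTERNAL requires a verified TLS client certificate", e);
        }
    }

    @Override public String getMechanismName() { return "EXTERNAL"; }

    @Override public byte[] evaluateResponse(byte[] response) throws SaslException {
        if (complete) throw new SaslException("EXTERNAL exchange already completed");
        String requested = response == null ? "" : new String(response, StandardCharsets.UTF_8);
        // Empty response: the authorization identity is derived from the TLS credentials.
        // Assumed policy: any other requested identity must match the certificate exactly.
        if (!requested.isEmpty() && !requested.equals(tlsIdentity)) {
            throw new SaslException("authorization identity not permitted for " + tlsIdentity);
        }
        complete = true;
        return null; // success, no further challenge
    }

    @Override public boolean isComplete() { return complete; }
    @Override public String getAuthorizationID() {
        if (!complete) throw new IllegalStateException("authentication not complete");
        return tlsIdentity;
    }
    @Override public byte[] unwrap(byte[] in, int off, int len) { throw new IllegalStateException("no security layer"); }
    @Override public byte[] wrap(byte[] out, int off, int len) { throw new IllegalStateException("no security layer"); }
    @Override public Object getNegotiatedProperty(String name) { if (!complete) throw new IllegalStateException("not complete"); return null; }
    @Override public void dispose() { }
}
```

The `SSLSession` would come from `SSLSocket.getSession()` on a server socket configured with `setNeedClientAuth(true)`, so the handshake fails before SASL starts if the client has no acceptable certificate.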