directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-1172) Sasl PLAIN mechanism should only be enabled/offered after TLS layer is establish
Date Mon, 12 May 2008 04:19:56 GMT
Sasl PLAIN mechanism should only be enabled/offered after TLS layer is establish
--------------------------------------------------------------------------------

                 Key: DIRSERVER-1172
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1172
             Project: Directory ApacheDS
          Issue Type: Bug
            Reporter: Alex Karasulu


>From RFC 4513 section 3.1.5:

        "The server may advertise different capabilities after installing a
         TLS layer.  In particular, the value of 'supportedSASLMechanisms' may
         be different after a TLS layer has been installed (specifically, the
         EXTERNAL and PLAIN [PLAIN] mechanisms are likely to be listed only
         after a TLS layer has been installed)."

So we should only expose the PLAIN or EXTERNAL mechanism as a value in the RootDSE's supportedSASLMechanisms
attribute for those clients possessing sessions with TLS confidentiality.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message