geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeppe Sommer (Trifork)" <...@trifork.com>
Subject Re: CORBA and GSSUP fix -- please review
Date Mon, 13 Feb 2006 11:02:40 GMT
The username@domain form is also what we use in the Trifork Server/ORB...

Andy Piper wrote:

> At 03:51 PM 2/10/2006, Aaron Mulder wrote:
>
>> Just to be clear, I'm talking about GSSUP authentication (where the
>> client sends a token containing a username and password and an encoded
>> domain name) not one of the principal name strategies (e.g. ITT*).
>>
>> Jeppe, I'm not clear whether the GSS Name Form you're describing
>> applies to the username in a username/password/domain token or the
>> principal name in a principal name token.  It would seem weird to set
>> the username to username@domain when the same token already contains a
>> domain name, in effect.
>
>
> "The format of the name passed in the username field depends on the 
> authentication
> domain. If the mechanism identifier of the target domain is GSSUP, 
> then the format of
> the username shall be a Scoped-Username (with name_value) as defined 
> in "Scoped-
> Username GSS Name Form" on page 26-15"
>
> So it applies, although stripping the domain seems legal to me.
>
> andy


Mime
View raw message