[Standards] SASL Plain - AuthID - Bare JID or User Name?

Matthias Wimmer m at tthias.eu
Tue Feb 6 19:36:33 UTC 2007

Hi Peter!

Peter Saint-Andre schrieb:
>> We just ran into a problem doing Authentication with WildFire using 
>> the Open Source SoapBox Framework and SASL Plain.
>> The SoapBox Framework is using a bare JID (“user at server”) as the 
>> authid that’s passed across the link. The Jive server is expecting 
>> only a user name (“user”).
> RFC 3920, Section 6.1, point 7 says in part:
> "If provided, the value of the authorization identity MUST be of the 
> form <domain> (i.e., a domain identifier only) for servers and of the 
> form <node at domain> (i.e., node identifier and domain identifier) for 
> clients."

Chris talks about authid (which is authentication identity) ... while 
the RFC talks about authorization id (authzid).

But we have something about the authentication id in the RFC as well. I 
am working on my reply mail ...


Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070206/f071fd32/attachment.bin>

More information about the Standards mailing list