[Standards] Re: SASL Plain - AuthID - Bare JID or User Name?
mridul at sun.com
Thu Feb 8 22:44:42 UTC 2007
Matthias Wimmer wrote:
> Hi Gaston!
> Gaston Dombiak schrieb:
>> I'm now modifying Wildfire to handle usernames or bare JIDs. However,
>> I do have a question. Should the server validate that the domain of
>> the bare JID matches the domain of the XMPP server? Or is the JID's
>> domain unrelated to the XMPP domain and is treated as another REALM
>> related to something else?
> If a @ sign is present in the authentication id, I would treat it as
> an overwrite of the default realm. So you would have to check the
> authentication-username in a different realm.
> That's also how Cyrus SASL handles at signed in the authentication id
> of PLAIN.
Simple example where this would fail.
If you are authenticating using the mail id - the '@' is part of the
user id now.
More information about the Standards