[Standards] Re: SASL Plain - AuthID - Bare JID or User Name?

Mridul mridul at sun.com
Thu Feb 8 22:44:42 UTC 2007


Matthias Wimmer wrote:
> Hi Gaston!
>
> Gaston Dombiak schrieb:
>> I'm now modifying Wildfire to handle usernames or bare JIDs. However, 
>> I do have a question. Should the server validate that the domain of 
>> the bare JID matches the domain of the XMPP server? Or is the JID's 
>> domain unrelated to the XMPP domain and is treated as another REALM 
>> related to something else?
>
> If a @ sign is present in the authentication id, I would treat it as 
> an overwrite of the default realm. So you would have to check the 
> authentication-username in a different realm.
>
> That's also how Cyrus SASL handles at signed in the authentication id 
> of PLAIN.
>
>
> Matthias
>

Hi Matthias,

Simple example where this would fail.
If you are authenticating using the mail id - the '@' is part of the 
user id now.

Mridul



More information about the Standards mailing list