[Standards] Re: SASL Plain - AuthID - Bare JID or User Name?

Mridul mridul at sun.com
Thu Feb 8 22:44:42 UTC 2007

Matthias Wimmer wrote:
> Hi Gaston!
> Gaston Dombiak schrieb:
>> I'm now modifying Wildfire to handle usernames or bare JIDs. However, 
>> I do have a question. Should the server validate that the domain of 
>> the bare JID matches the domain of the XMPP server? Or is the JID's 
>> domain unrelated to the XMPP domain and is treated as another REALM 
>> related to something else?
> If a @ sign is present in the authentication id, I would treat it as 
> an overwrite of the default realm. So you would have to check the 
> authentication-username in a different realm.
> That's also how Cyrus SASL handles at signed in the authentication id 
> of PLAIN.
> Matthias

Hi Matthias,

Simple example where this would fail.
If you are authenticating using the mail id - the '@' is part of the 
user id now.


More information about the Standards mailing list