[Standards] Re: [Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)
m at tthias.eu
Fri Jan 26 18:12:46 UTC 2007
Peter Saint-Andre schrieb:
>> The other thing is if EXTERNAL has been offered (i.e. TLS was able to
>> verify the authentication identity), but EXTERNAL failed to authorize
>> (i.e. the peer tried to authorize as someone he is not allowed to
>> authorize as), it might be considered as a final authorization failure
>> causing a stream-close. I am not sure about that one yet.
> I guess in that case the auth would fail and the client would need to
> retry with a different mechanism next time?
Not sure. That would mean, that if SASL EXTERNAL fails for temporarily
reasons, that a server stops using it for future authentication attempts.
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
More information about the Standards