[Standards] Re: [Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)

Matthias Wimmer m at tthias.eu
Fri Jan 26 18:12:46 UTC 2007


Peter Saint-Andre schrieb:
>> The other thing is if EXTERNAL has been offered (i.e. TLS was able to
>> verify the authentication identity), but EXTERNAL failed to authorize
>> (i.e. the peer tried to authorize as someone he is not allowed to
>> authorize as), it might be considered as a final authorization failure
>> causing a stream-close. I am not sure about that one yet.
> 
> I guess in that case the auth would fail and the client would need to 
> retry with a different mechanism next time?

Not sure. That would mean, that if SASL EXTERNAL fails for temporarily 
reasons, that a server stops using it for future authentication attempts.


Matthias

-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/




More information about the Standards mailing list