Loading...

ietf-sasl@imc.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: sasl PLAIN and netscape communicator Tony Hansen Tue Jun 08 20:08:48 1999

Nelson Tang wrote:
> 
> >  The string passed in has an authorization identity but no
> >  username.
> 
> It's legit.  The specification of the PLAIN SASL mechanism says:
> 
> "The client sends the authorization identity (identity to login as),
> followed by a US-ASCII NUL character, followed by the authentication
> identity (identity whose password will be used), followed by a US-ASCII
> NUL character, followed by the clear-text password.  The client may
> leave the authorization identity empty to indicate that it is the same
> as the authentication identity."

Sigh, I was getting the "authorization identity" confused with the
"authentication identity" and thinking that the latter could be left
blank to be copied from the former, whereas the spec says the opposite.

Definitely my mistake. Sorry to take up everyone's time.

        Tony Hansen
        [EMAIL PROTECTED]