On 2006-07-07 at 09:27 -0500, Peter da Silva wrote:

> > gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@xxxxxxx.xxx
>
> I'm confused; why would you expect the order of tagged elements in a list
> to remain constant?

Which list? The two items separated by + aren't usually referred to as a list, are they? The rest of the DN is order-dependent. It's what makes dc=foo,dc=example,dc=org different from dc=example,dc=foo,dc=org and affects security "somewhat". ;^)

If I'm wrong, which is conceivable, then I've misunderstood some fundamentals and need to review some documentation, either with the assistance of strong alcohol or with some form of restraint to keep me from pulling the remaining hair out of my scalp.

So, assuming that you just mean the uidNumber and gidNumber: because every bit of documentation I've seen on using SASL EXTERNAL with Unix-domain sockets also makes the same assumption, and after understanding what was going on, I went with the strictest definition, which didn't let arbitrary other data appear, and tightened it up.

I suspect that this change will be biting more people than just me. Probably just about everyone who likes being authenticated automatically as the current user without needing to use GSSAPI; I do use GSSAPI now too, but don't want to mess around keeping client tokens renewed for servers, so I just use EXTERNAL for them. Since every piece of server software (should) run(s) as its own dedicated usercode, this works nicely with a local LDAP server/cache.

-- 
VISTA: Viruses, Infections, Spyware, Trojans & Adware
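The point being argued above is that the two attribute-value assertions joined by `+` form one multi-valued RDN, whose internal order is not significant under RFC 4514, while the order of the comma-separated RDNs is significant. A mapping written as a fixed-order pattern against the peercred DN quoted in the message (`gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth`) therefore breaks as soon as the server emits the same RDN with its components swapped. The following is an added example written for this page, not code from the thread or from OpenLDAP: a simplified DN parser that compares DNs with RDN-internal order ignored, an order-tolerant extractor for the peercred uid/gid that, like the poster's "strictest definition", rejects any extra components, and, for contrast, a constructed fixed-order regular expression (`STRICT_RE`, an assumption standing in for an order-dependent `authz-regexp`-style mapping). The parser handles only backslash-escaped separators, not RFC 4514 hex escapes or value normalisation.

```python
import re

# Suffix of the authzid OpenLDAP derives from SO_PEERCRED on an ldapi:// socket,
# as quoted in the message above.
PEERCRED_SUFFIX = "cn=peercred,cn=external,cn=auth"

# Constructed fixed-order pattern: the fragile approach the message describes.
# It only accepts gidNumber before uidNumber.
STRICT_RE = re.compile(
    r"^gidNumber=(\d+)\+uidNumber=(\d+),cn=peercred,cn=external,cn=auth$")


def split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped separators alone."""
    parts, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            cur.append(c)
            cur.append(s[i + 1])
            i += 2
            continue
        if c == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return a list of RDNs, each a list of (type, value) pairs.

    Attribute types are case-insensitive, so they are lowercased; values are
    kept verbatim (real matching depends on the attribute's syntax).
    """
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):
            typ, eq, val = ava.partition("=")
            if not eq:
                raise ValueError(f"malformed AVA {ava!r}")
            avas.append((typ.strip().lower(), val.strip()))
        rdns.append(avas)
    return rdns


def normalize_dn(dn):
    """Canonical form: AVAs sorted within each RDN, RDN order preserved."""
    return ",".join(
        "+".join(f"{t}={v}" for t, v in sorted(avas)) for avas in parse_dn(dn))


def dn_equal(a, b):
    """RFC 4514 semantics: '+' components unordered, ',' components ordered."""
    return normalize_dn(a) == normalize_dn(b)


def strict_match(dn):
    """Order-dependent check; returns (uid, gid) or None."""
    m = STRICT_RE.match(dn)
    return (int(m.group(2)), int(m.group(1))) if m else None


def peercred_ids(dn):
    """Order-tolerant check; returns (uid, gid) or None.

    Rejects anything that is not exactly uidNumber+gidNumber followed by the
    peercred suffix, so no extra AVA can ride along in the first RDN.
    """
    rdns = parse_dn(dn)
    if len(rdns) != 4 or rdns[1:] != parse_dn(PEERCRED_SUFFIX):
        return None
    first = dict(rdns[0])
    if len(rdns[0]) != 2 or set(first) != {"uidnumber", "gidnumber"}:
        return None
    return int(first["uidnumber"]), int(first["gidnumber"])


if __name__ == "__main__":
    a = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
    b = "uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth"
    print(dn_equal(a, b), strict_match(a), strict_match(b))
    print(peercred_ids(a), peercred_ids(b))
    print(dn_equal("dc=foo,dc=example,dc=org", "dc=example,dc=foo,dc=org"))
```

Running it shows the two peercred spellings compare equal and both yield uid 0/gid 0 from `peercred_ids`, while `strict_match` accepts only the first spelling; the two `dc=` DNs compare unequal because their RDN order differs. A DN with a third component in the first RDN is refused by `peercred_ids`, which is the tightening the message describes.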
Generated at 23:01 on 05 Dec 2006 by mariachi 0.52