Displaying 2 results from an estimated 2 matches for "handskake".
Did you mean:
handshake
2015 Feb 25
2
Proxying of non "plain" SASL mechnisms.
...nless they do some kind of channel-binding. (like
SASL EXTERNAL)
For example, the GS2-KRB5 SASL mech would be perfectly forwarded if just
the Kerberos ticket doesn't put restrictions on the client IP-address.
So, why not just extend the support for proxy authentication forwarding
to any single-handskake SASL-IR mechanism, which doesn't use
channel-binding? (which includes PLAIN, but also GS2-KRB5, and possibly
others).
/Peter
2015 Mar 17
0
Proxying of non "plain" SASL mechnisms.
On 25 Feb 2015, at 20:59, Peter Mogensen <apm at one.com> wrote:
> So, why not just extend the support for proxy authentication forwarding
> to any single-handskake SASL-IR mechanism, which doesn't use
> channel-binding? (which includes PLAIN, but also GS2-KRB5, and possibly
> others).
Yeah, I guess it would work for several of the auth mechanisms. It's a lot of work though and requires some larger changes to how authentication works. I don'...