tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Created: (OPENEJB-469) csiv2 InitialContextToken processing needs to include and expect GSS Scoped-Username
Date Sun, 04 Feb 2007 17:42:05 GMT
csiv2 InitialContextToken processing needs to include and expect GSS Scoped-Username
------------------------------------------------------------------------------------

                 Key: OPENEJB-469
                 URL: https://issues.apache.org/jira/browse/OPENEJB-469
             Project: OpenEJB
          Issue Type: Bug
          Components: corba
    Affects Versions: 2.3
            Reporter: David Jencks
         Assigned To: David Jencks
             Fix For: 2.3


According to the csiv2 documentation 01-06-17.pdf p 16-19 section 16.2.4, the GSSUPInitialContextToken
needs to use a scoped username for the username field.

This means that the CSSGSSUPMechConfigDynamic and CSSGSSUPMechConfigStatic need to install
username + "@" + domain into the initial context token they are constructing and that TSSGSSUPMechConfig
needs to extract the username from before the @scope part of the initial context token it
receives.

There are some additional rules about escaping @ characters in the username or domain portions
of a scoped username in paragraph 64.  I don't understand the situation in which the scope
in the username would be different from the domain also transmitted in the initial context
token.

I had a solution of some sort for the sun orb but I can't find the code for it.  From my current
reading of the spec I suspect my previous solution was wrong.

According to paragraph 62 the same stuff needs to happen with CSSSASITTPrincipalNameDynamic,
CSSSASITTPrincipalNameStatic, and TSSITTPrincipalNameGSSUP.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message