On Wed, Apr 20, 2011 at 1:55 PM, Sai Pullabhotla
sai.pullabho...@jmethods.com wrote:
I personally think adding the new interface is much cleaner,
guarantees backward compatibility.
I think I agree. But, using a more descriptive name than sticking a
digit on the end :-)
/niklas
Just wanted to address the comment made by Niklas that a password
should always be required:
Just reading back the RFC 4217, and found this:
Note 2: The PASS command might not be required at all (if the USER
parameter and any client identity presented provide sufficient
authentication).
Hi
My suggestion would be to let the client execute the PASS command with
any password (blank, fixed, random). Then, implement UserManager and
perform the certificate check in the authenticate() method. The
certificate chain is included in the UsernamePasswordAuthentication
object.
We actually
Thanks, Niklas. Unfortunately we cannot control the clients. We were
told that the client's are built to never send PASS command and expect
either a 2XX reply on the USER command or 5XX reply. In other words,
the server should perform the authentication soon after it receives
the USER command (if