Currently if you have a ABFAB name with no realm it looks lie "foo" or "foo/bar.example.com" not "foo@".
For one use (sending the EAP identity response) this is clearly correct. Howere this forbids realm defaulting within the acceptor and the initiator. The AAA infrastructure can still do realm defaulting if it likes, but the GSS code cannot distinguish cases where the realm was intended to be defaulted from cases where the realm was intended to be left to AAA. So long as there are no cases where we hope the GSS infrastructure fills in a default this is fine. I think the current behavior is OK, but want to check with the WG. --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
