At 03:51 PM 2/10/2006, Aaron Mulder wrote:
Just to be clear, I'm talking about GSSUP authentication (where the
client sends a token containing a username and password and an encoded
domain name) not one of the principal name strategies (e.g. ITT*).
Jeppe, I'm not clear whether the GSS Name Form you're describing
applies to the username in a username/password/domain token or the
principal name in a principal name token. It would seem weird to set
the username to [EMAIL PROTECTED] when the same token already contains a
domain name, in effect.
"The format of the name passed in the username field depends on the authentication domain. If the mechanism identifier of the target domain is GSSUP, then the format of the username shall be a Scoped-Username (with name_value) as defined in "Scoped-Username GSS Name Form" on page 26-15"
So it applies, although stripping the domain seems legal to me.
andy