On Friday 04 November 2005 16:07, Matthias Wimmer wrote: > that it seems to be common, that I get connects with certificates, that > will fail on the domain check. Due to my logs all servers connecting > with transport IDs at present use certificates for the server domain, > not for the transport domain. > If I'd offer SASL to these connects, they'd all try SASL first, that > would fail and the server would have to reconnect and try dialback.
Why would a connecting server present a certificate, and then invoke SASL EXTERNAL with an authzid that doesn't match what is written in the certificate? Sounds to me like a configuration problem in the connecting server that you probably shouldn't encourage. -Justin
