On 4/17/07, Matthias Wimmer <[EMAIL PROTECTED]> wrote:
> Hi Janne!
> Janne Savukoski wrote:
> > I'm sorry if this is some frustratingly frequently asked question, but
> > as I'm seeing Google requesting db-results for several domains under a
> > single TCP-session, it got me thinking if it's supported (by
> > xmpp-servers in general) to do multiple SASL-negotiations similarly?
> You are allowed to do SASL authentication if <mechanisms
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> has been advertised by the
> server.
> After SASL authentication has been done, the stream gets reestablished
> by sending a stream header and new stream features.
> All servers I know will not include the above stream feature again if
> authentication has already been done. Therefore with current
> implementations you are not able to do multiple SASL-negotiations on the
> same connection.
Hi Matthias!
And thanks! This cleared it up.
Also, the introduction of other domain connections happens at a later
stage of the conversation (when such a connection is needed) and not
right at the beginning when the stream initiation takes place. I was
just thinking if it would be allowed as I guess the stanza exchange
could be applied (/adapted) for such a case. But, already the TLS
binding feels to me as a major obstacle as it'd be a little
inefficient to negotiate multiple TLS layers on top of each other..
So, I guess the dialback has then some scalability advantages over
SASL. Naturally, supporting multiple domain connections over a single
TCP session lets you cut down the number of sessions to a fraction.
-janne
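
The feature check described in the quoted reply, as an added example that is not part of the original thread: a peer may start SASL only when the current stream features carry a `<mechanisms/>` element in the `urn:ietf:params:xml:ns:xmpp-sasl` namespace. The two feature stanzas and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample: features sent on a fresh stream, before authentication.
FEATURES_BEFORE_AUTH = """\
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>EXTERNAL</mechanism>
    <mechanism>DIGEST-MD5</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed sample: features sent after the stream restart that follows
# a successful SASL exchange; the mechanisms element is no longer offered.
FEATURES_AFTER_AUTH = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'/>"
)


def offered_sasl_mechanisms(features_xml):
    """Return the SASL mechanism names advertised in a stream:features stanza."""
    # XMPP streams must not carry DTDs; refusing them also keeps entity
    # expansion tricks away from the XML parser.
    if "<!DOCTYPE" in features_xml or "<!ENTITY" in features_xml:
        raise ValueError("DTD content is not allowed in an XMPP stream")
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    # Match on the qualified name: an unqualified or foreign-namespace
    # <mechanisms/> element does not count as a SASL offer.
    mechs = root.find(f"{{{NS_SASL}}}mechanisms")
    if mechs is None:
        return []
    return [m.text.strip()
            for m in mechs.findall(f"{{{NS_SASL}}}mechanism")
            if m.text and m.text.strip()]


def can_negotiate_sasl(features_xml):
    """True only if the peer currently advertises at least one mechanism."""
    return bool(offered_sasl_mechanisms(features_xml))


if __name__ == "__main__":
    for label, xml in (("before auth", FEATURES_BEFORE_AUTH),
                       ("after auth", FEATURES_AFTER_AUTH)):
        print(label, offered_sasl_mechanisms(xml), can_negotiate_sasl(xml))
```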