On 15 Jan 2009, at 17:19, Peter Saint-Andre wrote: > > AFAIK, no servers implement that yet, and in any case it was designed > for a slightly different use case (basically situations in which DNS > SRV > results don't tell you the hostname of the connection manager you're > talking to because load balancers are in use).
GSSAPI domain based names are specifically designed to deal with the problem where the connection host is derived through an insecure SRV lookup, so they're exactly the correct tool to use to resolve this issue. The problem is with knowing what the other end is prepared to accept. I suppose if you're using your own SASL implementation you could do a gss_init_sec_context() for the domain based name first, and if that fails, fall back to using the hostname you got through the SRV lookup. Simon. _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
