I think I may be using the wrong callback with Authen::SASL::GSSAPI, and I wanted some comments.
With GSSAPI, the authentication identity is determined by the contents of the current users credential cache. However, the authorization identity can be specified as part of the SASL handshake. I'm currently using the 'user' callback to provide the authorization identity - contrary to what the documentation in the source says. However, Perl::DIGEST_MD5 appears to use 'authname' for authorization identity. This is confusing because Cyrus uses 'AUTHNAME' as the authentication identity, and 'USER' as the authorization identity. Is there a definitive list of which callbacks serve which purposes across both the Perl and Cyrus implementations? Thanks, Simon.
