Peter Saint-Andre wrote:
Toly Menn wrote:
Also, section 7.3.4 indicates that the receiving end of the
connection SHOULD allow at least 2 and no more than 5 retries from
the abort. Does this make sense for s2s connections? EXTERNAL
mechanism?

That rule (which IIRC we borrowed from RFC 4422) may not make sense for
all SASL mechanisms or for s2s connections.

Agreed.

However, for c2s connections
it may make sense for SASL EXTERNAL because end users can have multiple
certificates (I know I do).

As a side note: how do you select a particular certificate using SASL
EXTERNAL? Are you using a different authorization identity in the hope that
the server end will match it against the correct client certificate?