On Mon, 18 Mar 2024, 17:32 Stephen Paul Weber, <[email protected]> wrote:
> >> However it does lack any way to support indicating to the server > >> which > >> credential will be used, other than perhaps by implication from the SASL > >> mechanism. > >> > >> > >That's not the purview of a SASL profile. If a SASL mechanism supports > >multiple credentials, that's entirely encapsulated within that mechanism. > > Except that it is not. For example all of the SCRAM-SASL-* profiles can > easily support authentication with any of the passwords on an account, but > they need to know in advance which one is being used. So SASL mechanism is > insufficient for selecting credential by itself. > > The same goes for the HT-* token mechanisms. > Yes, I mean, the SASL profile itself doesn't do anything there. If you want to indicate a particular credential, you could use the authentication identifier to select which, and the authorization identifier might remain the same. Or a mechanism might support multiple credentials. But the SASL profile isn't involved here. _______________________________________________ > Standards mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
