On 24/08/17 05:53, Andrew Stitcher wrote:
I think connection bound is after authentication - unless I'm forgetting
things due to vacation all events are after authentication.
Having been poking around in this area recently, I can confirm that
CONNECTION_BOUND will occur *before* the authentication.
On Tue, Aug 22, 2017, at 11:15 AM, Alan Conway wrote:
Reading the SASL docs I think we also need to allow SASL realm to be
set on a per-connection basis, in CONNECTION_BOUND - and expose that in
all bindings. This is because the realm may be set by the server based
on incoming vhost. CONNECTION_BOUND is the only point where we a) have
the incoming vhost and b) authentication is not yet done, so it seems
the right place. I think it's a simple setter on the SASL object, any
other ideas?
I'm not sure if I understand this right. When you say 'vhost', what do
you mean? The hostname in sasl-init?
If so, the particular sasl mechanism in use has access to that and can
use it to set the realm (which I am assuming is a term related to the
sasl impl, e.g. the cyrus-sasl library?).
I raised https://issues.apache.org/jira/browse/PROTON-1542 for allowing
clients to control the value of hostname that is sent out in sasl-init.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
