Comment 4 for bug 1500945

Sam Hartman (hartmans) wrote : Re: [Bug 1500945] Re: Issuer of issuer, user of user@issuer fails

>>>>> "Dan" == Dan Breslau <email address hidden> writes:

gss_import_name requires escaped names.

So, the most RFC-correct thing to do would be to:

* Not treat @ as a separator when entered in issuer or username, but
  instead to escape it when libmoonshot hands off a name to mech_eap

* Treat \/ as an escaped slash in username

* Turn \@ in username to \\\@ is username and realm

However that probably would confuse your users. I think a defensible
behavior that is more usable would be to:

* Forbid unescaped @ in username and issuer

* Forbid unescaped / in issuer

* Permit escaped /, @ and \ everywhere
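
The second set of rules above, written as an input check. This is an added example, not part of the original comment and not libmoonshot or mech_eap code; the function names are hypothetical, and rejecting a trailing backslash or any escape other than \/, \@ and \\ is an assumption the comment does not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true when every '\' in s escapes one of / @ \
 * and no character listed in `forbidden` appears unescaped. */
static bool field_ok(const char *s, const char *forbidden)
{
    if (s == NULL)
        return false;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] == '\\') {
            char next = s[i + 1];
            /* Assumption: only \/ \@ and \\ are valid escapes; a trailing
             * backslash or any other escape is rejected. */
            if (next != '/' && next != '@' && next != '\\')
                return false;
            i++;                      /* skip the escaped character */
        } else if (strchr(forbidden, s[i]) != NULL) {
            return false;             /* unescaped separator */
        }
    }
    return true;
}

/* Username: unescaped '@' is forbidden; unescaped '/' is allowed. */
bool username_ok(const char *username) { return field_ok(username, "@"); }

/* Issuer: unescaped '@' and unescaped '/' are both forbidden. */
bool issuer_ok(const char *issuer) { return field_ok(issuer, "@/"); }

int main(void)
{
    /* Constructed sample inputs, not taken from the bug report. */
    const char *samples[] = { "user", "user@issuer", "user\\@issuer",
                              "issuer/sub", "issuer\\/sub", "dangling\\" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s username=%d issuer=%d\n", samples[i],
               username_ok(samples[i]), issuer_ok(samples[i]));
    return 0;
}
```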