>>>>> "Dan" == Dan Breslau <email address hidden> writes:
gss_import_name requires escaped names.
So, the most rfc-correct thing to do would be to:
* Not treat @ as a separator when entered in issuer or username, but instead to escape it when libmoonshot hands off a name to mech_eap
* treat \/ as an escaped slash in username
* turn \@ in username to \\\@ in username and realm
However that probably would confuse your users. I think a defensible behavior that is more usable would be to:
* Forbid unescaped @ in username and issuer
* Forbid unescaped / in issuer
* Permit escaped /, @ and \ everywhere
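The more usable rule set listed at the end of this message can be expressed as a single pass over each field. This is an added example, not code from libmoonshot, mech_eap or the message's author; the names `id_field` and `first_violation` are hypothetical, and rejecting a trailing backslash or any escape other than `\/`, `\@` and `\\` is an assumption the message does not state.

```c
#include <stdio.h>
#include <stddef.h>

enum id_field { ID_USERNAME, ID_ISSUER };   /* hypothetical names */

/* Returns -1 if s is acceptable for field f, otherwise the offset of the
 * first offending byte, so a UI can point at it. Emptiness is not checked. */
int first_violation(const char *s, enum id_field f)
{
    for (size_t i = 0; s[i] != '\0'; i++) {
        char c = s[i];
        if (c == '\\') {
            char next = s[i + 1];
            /* Assumption: only \/ \@ and \\ are valid escapes; a trailing
             * backslash or any other escape is rejected. */
            if (next != '/' && next != '@' && next != '\\')
                return (int)i;
            i++;                      /* consume the escaped character */
        } else if (c == '@') {
            return (int)i;            /* unescaped @: forbidden in both fields */
        } else if (c == '/' && f == ID_ISSUER) {
            return (int)i;            /* unescaped /: forbidden in issuer only */
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the bug report. */
    static const struct { const char *s; enum id_field f; } samples[] = {
        { "alice",             ID_USERNAME },
        { "alice@example",     ID_USERNAME },
        { "alice\\@example",   ID_USERNAME },
        { "host/alice",        ID_USERNAME },
        { "example.org/idp",   ID_ISSUER   },
        { "example.org\\/idp", ID_ISSUER   },
        { "a\\\\@b",           ID_USERNAME },  /* escaped \ then a bare @ */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = first_violation(samples[i].s, samples[i].f);
        printf("%-9s %-20s %d\n",
               samples[i].f == ID_ISSUER ? "issuer" : "username", samples[i].s, v);
    }
    return 0;
}
```

The `a\\@b` case shows why escapes have to be consumed in pairs: the backslash before the `@` is itself escaped, so the `@` is bare and is rejected.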