[jdev] SASL EXTERNAL for s2s in jabberd14
Peter Saint-Andre
stpeter at jabber.org
Mon Nov 7 14:19:36 CST 2005
Matthias Wimmer wrote:
> Hi Justin!
>
> Justin Karneges schrieb:
>
>> Why would a connecting server present a certificate, and then invoke
>> SASL EXTERNAL with an authzid that doesn't match what is written in
>> the certificate? Sounds to me like a configuration problem in the
>> connecting server that you probably shouldn't encourage.
>>
>>
> Because it is maybe connecting for service.example.com but only has a
> certificate for example.com. Sure this might be considered as
> misconfiguration - and sure as well, that it would be better to have a
> certificate for each domain.
I don't see why you need a separate certificate for each domain -- can't
you have one domain with many instances of id-on-xmppAddr in the
subjectAltName?
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20051107/c3fed18c/attachment-0002.bin>
More information about the JDev
mailing list