[jdev] Username-based SASL Mechanisms

Jonathan Dickinson jonathan.dickinson at k2.com
Fri Oct 31 08:38:52 CDT 2008


Hi All,

This is a rather strange one. Is there any support for determining SASL mechanisms based on the user's name? I [will] have a bunch of authentication providers, such as EXTERNAL, SQL, SAP, NTLM, Kerberos, Open-Id etc. These can be located on the component itself or on another component on the network: it doesn't matter (ooh, you should see my framework :)). The thing that I worry about is that obviously some components won't support other authentication mechanisms (NTLM is a good example of this): so if I just query them verbatim for mechanisms there is no guarantee that the client will be able to use that mechanism to log in (e.g. Joe might be on the domain, but not in the SQL DB, failure if he tries to use DIGEST-MD5 - his client may even always fail to log in).

I thought that I could use the "to" attribute on the <stream:stream> tag, but another problem arises: most of the blumming clients I have analyzed using my server don't put this in the start tag: I am sure there is a reason I missed on the mailing list (is there?).

I basically want to say to the components, "does anyone know this guy? How do I talk to him?" and if they respond I can aggregate the results, if not I can use a predefined list of mechanisms (to fool harvesters/hackers).

Maybe I could leave it up to the users to complain to the misbehaving client developers?

Thanks guys.
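
The aggregation described in the post, sketched as an added example that is not part of the original message or of any server's code: each provider is asked whether it knows the user, the answers are merged, and an unknown or absent username gets the predefined list. `Provider`, `offered_mechanisms`, `DEFAULT_MECHANISMS`, `PREFERENCE` and the sample users are hypothetical names and constructed data.

```python
from typing import FrozenSet, List, Optional

# Predefined list returned when no provider knows the user (constructed values).
DEFAULT_MECHANISMS = ["DIGEST-MD5", "PLAIN"]

# Fixed ordering so the reply does not depend on which provider answered first.
PREFERENCE = ["EXTERNAL", "GSSAPI", "NTLM", "DIGEST-MD5", "PLAIN"]


class Provider:
    """Hypothetical authentication backend: a set of users and the mechanisms it accepts."""

    def __init__(self, name: str, mechanisms: List[str], users: List[str]):
        self.name = name
        self.mechanisms = frozenset(mechanisms)
        self.users = frozenset(u.lower() for u in users)

    def mechanisms_for(self, username: str) -> Optional[FrozenSet[str]]:
        # None means "I do not know this user".
        return self.mechanisms if username.lower() in self.users else None


def _rank(mechanism: str):
    # Mechanisms missing from PREFERENCE sort last, alphabetically.
    known = mechanism in PREFERENCE
    return (PREFERENCE.index(mechanism) if known else len(PREFERENCE), mechanism)


def offered_mechanisms(username: Optional[str], providers: List[Provider]) -> List[str]:
    """Merge the mechanisms of every provider that knows the user."""
    if not username:
        # The client put no identity in the stream header: nothing to look up.
        return list(DEFAULT_MECHANISMS)
    found = set()
    for provider in providers:
        answer = provider.mechanisms_for(username)
        if answer is not None:
            found |= answer
    if not found:
        # Unknown user: same predefined list as a stream without an identity.
        return list(DEFAULT_MECHANISMS)
    return sorted(found, key=_rank)


# Constructed sample data: joe is on the domain but not in the SQL database.
PROVIDERS = [
    Provider("domain", ["NTLM", "GSSAPI"], ["joe", "ann"]),
    Provider("sql", ["DIGEST-MD5", "PLAIN"], ["ann", "bob"]),
]
```

With this data, joe is offered only the domain mechanisms, so his client is never steered to DIGEST-MD5. A known user whose merged list differs from the predefined one is still distinguishable from an unknown name by the reply itself.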