a7ec0338bc
RFC4616 states that if the authorization identity (authzid) parameter is null, then it is derived from the authentication identity (authcid). Smack currently sets both, authzid and authcid, to the username, resulting in auth attempts of userid\0userid\0password instead of userid\0password Which are different users on most systems (e.g. Kerberos). We now set only SASLMechanism.authenticationId to username. The authenticate(String, CallbackHandler) method does now not longer receive the username, as it's send by the CallbackHandler. |
||
|---|---|---|
| .. | ||
| SASLAnonymous.java | ||
| SASLCramMD5Mechanism.java | ||
| SASLDigestMD5Mechanism.java | ||
| SASLExternalMechanism.java | ||
| SASLGSSAPIMechanism.java | ||
| SASLMechanism.java | ||
| SASLPlainMechanism.java | ||
| package.html | ||