Use SASL authzid as client identity if auth module permits it #524
zinid merged 2 commits into processone:master from
3165f49 to 5263ee9

What do you mean DIGEST-MD5 might not work? It's still in use. Or it might not work with SASL proxy authentication, but will work for sure with regular SASL?

I may have broken SASL DIGEST here. I did not test it. It is deprecated in favour of SCRAM so I did not pay attention to it.

8ce9b9d to 07ec735

Digest auth fixed. This should probably be good to merge now. The test failures are MUC related, which I haven't touched here.

c52aefd to b46f9c4

I've finally managed to get the test suite running locally, and it does indeed appear that there remain issues with DIGEST auth, which I will fix ASAP.

@benlangfeld good

f462be7 to 6946a34
This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain different from the one of the connection.
Note: digest might not work, but I have no interest in it, being deprecated.
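
The rule this commit message describes, sketched as an added Python example (not code from this pull request or from ejabberd): credentials are checked against the authcid, the authzid must be in the connection's domain, and a policy table standing in for the auth module decides whether masquerading is allowed, denying by default. The names `authenticate`, `USERS`, `MAY_ACT_AS` and the sample accounts are hypothetical and constructed; the message framing is SASL PLAIN as in RFC 4616, with the authcid assumed to be a bare username and the authzid a bare JID.

```python
import hmac

# Constructed sample data: (user, domain) -> password. Not from the page.
USERS = {("alice", "example.org"): "alice-pw", ("svc", "example.org"): "svc-pw"}
# Hypothetical stand-in for the auth module's policy: authcid -> allowed authzids.
MAY_ACT_AS = {("svc", "example.org"): {("alice", "example.org")}}

class AuthError(Exception):
    """Raised for any authentication or authorization failure."""

def parse_plain(msg: bytes):
    """RFC 4616: message = [authzid] NUL authcid NUL passwd."""
    parts = msg.split(b"\x00")
    if len(parts) != 3:
        raise AuthError("malformed PLAIN message")
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        raise AuthError("fields must be UTF-8") from None
    if not authcid or not passwd:
        raise AuthError("empty authcid or password")
    return authzid, authcid, passwd

def split_jid(jid: str):
    """Accept only a bare JID (user@domain, no resource)."""
    user, sep, domain = jid.partition("@")
    if not sep or not user or not domain or "/" in domain:
        raise AuthError("authzid must be a bare JID")
    return user.lower(), domain.lower()

def authenticate(msg: bytes, conn_domain: str):
    """Return the (user, domain) the session runs as, or raise AuthError."""
    authzid, authcid, passwd = parse_plain(msg)
    login = (authcid.lower(), conn_domain)
    stored = USERS.get(login)
    # The password always belongs to the authcid, never to the authzid.
    if stored is None or not hmac.compare_digest(stored.encode(), passwd.encode()):
        raise AuthError("bad credentials")
    if not authzid:
        return login  # no proxy authorization requested
    target = split_jid(authzid)
    if target[1] != conn_domain:
        raise AuthError("authzid domain differs from connection domain")
    if target == login:
        return login  # authzid names the authenticated user itself
    # Default deny: a missing policy entry means no masquerading.
    if target not in MAY_ACT_AS.get(login, set()):
        raise AuthError("authcid not authorized to act as authzid")
    return target
```
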
6946a34 to 917d48f

This should be good to go now. What are the chances of it making it into 15.05?

Is there any chance this might be reviewed for inclusion?

💃 Thanks @zinid!

@benlangfeld Cool 👍