RE: saslauthd auth_krb5

From: Rob Siemborski (rjs3 at andrew dot cmu dot edu)
Date: Mon Mar 01 2004 - 09:19:34 EST

  • Next message: Vikas Gandhi: "Unable to run SASL using GSSAPI/kerberos 5 as authentication agai nst Sun One Directory Server"

    On Sat, 28 Feb 2004, Howard Chu wrote:

    > > If I am not mistaken, SASL service name is not available to saslauthd
    > > (and GSSAPI SASL mechanism is not using saslauthd)
    >
    > Hm.... The service name is an argument to the auth_krb5() function, and it
    > was certainly set to "ldap" when I was stepping thru slapd.

    Yes, it is available. However, assuming that a "servicename" key will be
    there is not great ("host" was likely chosen because it is highly likely
    that a host key will be on a machine running a kerberized telentd or
    sshd). I agree with Alexey that the real solution here is to make the
    service name configurable.

    -Rob

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
    Research Systems Programmer * /usr/contributed Gatekeeper


  • Next message: Vikas Gandhi: "Unable to run SASL using GSSAPI/kerberos 5 as authentication agai nst Sun One Directory Server"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD