- Previous message: Rob Siemborski: "Re: authentication and authorization with auxprop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Rob Siemborski (rjs3 at andrew dot cmu dot edu)
Date: Mon Mar 01 2004 - 09:19:34 EST
On Sat, 28 Feb 2004, Howard Chu wrote:
> > If I am not mistaken, SASL service name is not available to saslauthd
> > (and GSSAPI SASL mechanism is not using saslauthd)
>
> Hm.... The service name is an argument to the auth_krb5() function, and it
> was certainly set to "ldap" when I was stepping thru slapd.
Yes, it is available. However, assuming that a "servicename" key will be
there is not great ("host" was likely chosen because it is highly likely
that a host key will be on a machine running a kerberized telentd or
sshd). I agree with Alexey that the real solution here is to make the
service name configurable.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
|
|
|