
openldap+sasl+gsi, sasl.c bugs (ITS#530)



Full_Name: mei-hui su
Version: development tree
OS: solaris 2.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.9.64.206)


Hi,

  We managed to make this setup work on Solaris 2.7 (which is
wonderful for us):

slapd with shell backend (development tree) + Cyrus SASL (1.5.15) +
gssapi_ssleay (GSI)

  During the process, we found a couple of small bugs in the client
library's sasl.c and the server's sasl.c.

  As a side note,

  Based on the sample example supplied in Cyrus SASL's tarball,
authentication is 'userid' using the callback id of SASL_CB_USER;
authorization is 'authid' using the callback id of SASL_CB_AUTHNAME.

  And according to RFC 2222 7.2.2, on the server side, the call
to GSS_Accept_sec_context might not result in an output_token when
GSS_S_COMPLETE is returned. In either case, the server needs to call 'step'
again, and it will generate 4 octets of data that should then be sent
to the client.

mei

The patch can be found at

ftp.openldap.org/incoming/meihuisu_patch_051000.tar
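
An added illustration of the RFC 2222 7.2.2 behaviour described in the report; it is not part of the original message or of the submitted patch. It models a server step that completes the context with an empty output token and a second step that emits the 4 octets (security-layer bitmask plus 24-bit maximum buffer size). The struct, enum and function names are hypothetical, and the GSS-API results are constructed inputs rather than real library calls.

```c
#include <stddef.h>
#include <stdint.h>

/* Security-layer bits in the first octet (RFC 2222, GSSAPI mechanism). */
enum { LAYER_NONE = 1, LAYER_INTEGRITY = 2, LAYER_PRIVACY = 4 };

/* Hypothetical server-side state; all names here are illustrative. */
enum phase { ESTABLISHING, SEND_LAYERS, WAIT_CLIENT };
struct mech { enum phase phase; uint8_t layers; uint32_t max_buf; };

/* Pack [layer bitmask][24-bit big-endian max buffer size] into 4 octets. */
int encode_layers(uint8_t layers, uint32_t max_buf, uint8_t out[4])
{
    if (max_buf > 0xFFFFFFu) return -1;   /* must fit in three octets */
    out[0] = layers;
    out[1] = (uint8_t)(max_buf >> 16);
    out[2] = (uint8_t)(max_buf >> 8);
    out[3] = (uint8_t)max_buf;
    return 0;
}

/* One step. ctx_complete and tok_len stand in for what GSS_Accept_sec_context
 * reported (constructed inputs, no real GSS-API call). Returns the number of
 * octets to send to the client, or -1 on error. */
int server_step(struct mech *m, int ctx_complete, size_t tok_len, uint8_t out[4])
{
    switch (m->phase) {
    case ESTABLISHING:
        if (ctx_complete) m->phase = SEND_LAYERS; /* even when tok_len == 0 */
        return (int)tok_len;   /* the context token itself is not modelled */
    case SEND_LAYERS:
        if (encode_layers(m->layers, m->max_buf, out) != 0) return -1;
        m->phase = WAIT_CLIENT;
        return 4;              /* plaintext that GSS_Wrap would then protect */
    default:
        return -1;
    }
}

int main(void)
{
    struct mech m = { ESTABLISHING, LAYER_NONE | LAYER_INTEGRITY, 65536 };
    uint8_t out[4];
    /* Round 1: context completes with an empty output token. */
    if (server_step(&m, 1, 0, out) != 0) return 1;
    /* Round 2: step again; this is where the 4 octets appear. */
    return server_step(&m, 0, 0, out) == 4 ? 0 : 1;
}
```
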