Re: Kerberos 5 Support for OpenLDAP-release

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

We also need someone to look through the old Kerberos4 code
to resolve outstanding issues.  ldap_init() not working and
detection/handling of Kerberos4 varients.

As far as contributing, please review our contributing/programming
guidelines (http://www.openldap.org/devel/) and then submit an
appropriate patch (http://www.openldap.org/its/), preferrably
against devel code.  New functionality must be brought in through
our devel branch.  Since Ben spoke up, I'll leave the review
to him.

	Kurt

At 07:26 AM 9/17/99 -0400, Ben Collins wrote:
>On Fri, Sep 17, 1999 at 11:14:20AM -0400, Jeffrey Mahoney wrote:
>> 
>> 
>> 	Hello -
>> 
>> 	A few days ago, I started searching for Kerberos 5 support (or any
>> hints of development) for OpenLDAP.
>> 
>> 	I didn't find anything, so I wrote it myself.
>> 
>> 	What's the code review process, etc for code integration into the
>> OpenLDAP project?
>> 
>> 	Basically, my code is an API translation from krb4 calls to krb5 calls.
>> 
>> 	I've added an LDAP_AUTH_KRB5 authentication type, as well as an
>> ldap_krb5_bind{,_s} call for TGT-based binds.
>> 
>> 	Kerberos password authentication is supported, but overridden if the
>> "userpassword" field is non-null.
>> 
>> 	I've posted my changes on the web at http://www.csh.rit.edu/~jeffm/ldap
>
>Great! I've been meaning to work on this myself. Questions, is this against the
>openldap 2 devel source, or the 1.2.x source? I ask, because it really needs to
>be against the devel tree. Another question, does this support the Krb5 DES
>encrypted sessions? If not, do you know if thats possible?
>
>I'll check out your patch, if it looks ok, I'll try to merge it into the CVS some
>time this weekend.
>
>Ben
>
>