[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos 5 Support for OpenLDAP-release

To: Booker Bense <bbense@networking.stanford.edu>
Subject: Re: Kerberos 5 Support for OpenLDAP-release
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 22 Sep 1999 18:13:26 -0700
Cc: Ben Collins <bcollins@debian.org>, Jeffrey Mahoney <jdmsys@rit.edu>, openldap-devel@OpenLDAP.org
In-reply-to: <Pine.GSO.4.10.9909221718260.26223-100000@telemark.stanford .edu>
References: <37E939C6.DED5879D@OpenLDAP.Org>

At 05:43 PM 9/22/99 -0700, Booker Bense wrote:
>- I don't know enough of the logic of how ldap_init works to know
>what the right thing to do here is. I think I could cobble up a patch
>using ldo_defhost, but I'm not sure that's the correct thing to do. 

Well, if no connection, you could do an ldo_defhost->IP->name, but...

>I looked at ITS 268, and the more that I think about it the more
>I'm convinced that the ticket has to be constructed after the 
>connection is opened.

I agree. ldap_kerberos_bind*() should open connection (if
necessary) before attempting to generate the ticket.  This could
be done by splitting out the post-init part of ldap_open into a
subroutine that ldap_open(), ldap_send_initial_result(),
and ldap_kerberos_bind*() could call.

Follow-Ups:
- Re: Kerberos 5 Support for OpenLDAP-release
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: Kerberos 5 Support for OpenLDAP-release
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Kerberos 5 Support for OpenLDAP-release
Next by Date: Re: Kerberos 5 Support for OpenLDAP-release
Index(es):
- Chronological
- Thread