RE: SASL 2.1.2 GSSAPI and EXTERNAL clients broken

["Howard Chu" <hyc@highlandsun.com>]

Aside from this bug in the ldap client library, the Cyrus 2.1.2 client
mechanisms themselves are also broken. I've submitted fixes for both of them
to the Cyrus list as well. There's one more issue in the 2.1.2 server
mechanisms that will prevent us from supporting in-directory storage of SASL
secrets. I've submitted a patch for that as well, so hopefully everything
will be usable in the next Cyrus release.

We have another bug to fix in the client library, although it's been
innocuous so far - the client hands the *server's* certificate DN to the
SASL library during a SASL-EXTERNAL bind. It should of course be storing its
own cert DN instead. I'm working on this now, as part of a more thorough
rewrite of the X.509 DN retrieval routines. (I think this bug is harmless,
since SASL doesn't transmit it during a SASL-EXTERNAL bind. It just looks
bad...)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-commit@OpenLDAP.org
[mailto:owner-openldap-commit@OpenLDAP.org]On Behalf Of hyc@OpenLDAP.org
Sent: Wednesday, April 17, 2002 3:49 PM
To: OpenLDAP Commit
Subject: commit: ldap/libraries/libldap cyrus.c


Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap

Modified Files:
	cyrus.c  1.47 -> 1.48

Log Message:
Additional error reporting for Cyrus SASL 2. Attempt to get SASL-EXTERNAL
working ifor Cyrus 2. (Both GSSAPI and EXTERNAL are broken at the moment.)


CVS Web URLs:
  http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/cyrus.c

Changes are generally available on cvs.openldap.org (and CVSweb)
within 30 minutes of being committed.