
Re: Make SASL hostname canonicalization optional (RFC on patch approach)



On Tue, March 4, 2008 12:44 pm, Russ Allbery wrote:
> "Joel Johnson" <mrjoel@lixil.net> writes:
>
>
>> A deficiency of the previous patch [1] appears to be that the option
>> is not configurable, so I have created a related patch [2] (currently
>> against 2.4.8, not quite HEAD) to add a runtime configuration option to
>> select whether or not the name canonicalization should be performed. It
>> defaults to true, the current behavior. The patch is still in progress,
>> but has the functionality and provides an illustration of my approach. The
>> following are known issues that will be addressed:
>
> For what it's worth, this approach (making canonicalization configurable
> and defaulting to on) is the same approach that's been taken by GSSAPI
> implementers.  (By setting rdns = false in [libdefaults] for MIT Kerberos,
> for example.)
>
> --
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

This is precisely why I have need of the patch. I wish to use GSSAPI through
SASL, but the OpenLDAP SASL behavior masks the ability to make use of the
rdns=false selection from the underlying library.

Joel
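To make the behaviour under discussion concrete, here is a small model of what SASL/GSSAPI hostname canonicalization does to the service principal, and why being able to turn it off (as rdns = false does for MIT Kerberos) matters. This is an added example written for this page; it is not code from OpenLDAP, Cyrus SASL or MIT Kerberos. The DNS records are constructed inline so it runs offline, and the function names (canonicalize_host, service_principal, demo) are assumptions made for the illustration only.

```python
"""
Illustrative model of SASL/GSSAPI service-hostname canonicalization.

Added example, not code from OpenLDAP, Cyrus SASL or MIT Kerberos.
The DNS "zone" below is constructed inline so the script runs offline;
the function names are assumptions made for this illustration only.
"""

# Constructed forward (A) and reverse (PTR) records.  The PTR for
# 192.0.2.10 points at a name the attacker controls: reverse DNS is
# not authenticated, and this is the case that makes reverse-DNS
# canonicalization of the service host risky.
DNS_A = {
    "ldap.example.com": "192.0.2.10",
    "ldap-alias.example.com": "192.0.2.10",
    "evil.example.com": "192.0.2.10",
}
DNS_PTR = {
    "192.0.2.10": "evil.example.com",
}


def canonicalize_host(host, a_records=DNS_A, ptr_records=DNS_PTR):
    """Mimic the classic getaddrinfo()/getnameinfo() round trip:
    resolve host -> address, then address -> name via the PTR record.
    Falls back to the original name if no PTR exists."""
    key = host.lower().rstrip(".")
    addr = a_records.get(key)
    if addr is None:
        raise LookupError(f"no A record for {host}")
    return ptr_records.get(addr, key)


def service_principal(service, host, realm, canonicalize=True):
    """Build service/host@REALM, optionally passing the host through
    reverse-DNS canonicalization (the pre-patch, default-on behaviour)."""
    if canonicalize:
        name = canonicalize_host(host)
    else:
        name = host.lower().rstrip(".")
    return f"{service}/{name}@{realm}"


def demo():
    """Return the principal derived with and without canonicalization
    for the configured LDAP server name."""
    configured = "ldap.example.com"
    realm = "EXAMPLE.COM"
    with_rdns = service_principal("ldap", configured, realm, canonicalize=True)
    without_rdns = service_principal("ldap", configured, realm, canonicalize=False)
    return with_rdns, without_rdns


if __name__ == "__main__":
    on, off = demo()
    print("canonicalization on :", on)   # follows the (spoofable) PTR record
    print("canonicalization off:", off)  # uses the name the admin configured
```

With canonicalization on, the client ends up requesting a ticket for whatever name the PTR record returns, so a spoofed or stale reverse record silently changes which service principal the client authenticates to. With it off, the principal is built from the administrator-configured hostname, which is the behaviour the rdns = false knob in [libdefaults] selects for MIT Kerberos and which the patch under discussion is meant to let SASL honour instead of masking.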