[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP2 and SASL/Kerberos

To: Turbo Fredriksson <turbo@bayour.com>
Subject: Re: OpenLDAP2 and SASL/Kerberos
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Date: Tue, 06 Mar 2001 23:08:33 +0100
Cc: openldap-software@OpenLDAP.org
Organization: DFN Directory Services, ZDV Uni Tübingen
References: <871ysb5db8.fsf@papadoc.bayour.com> <20010306143515.X137484@pandora.inf.elte.hu> <874rx73rz6.fsf@papadoc.bayour.com> <20010306154502.C137484@pandora.inf.elte.hu> <87vgpm3iwq.fsf@papadoc.bayour.com> <87pufu3hgx.fsf@papadoc.bayour.com> <87lmqi3dtw.fsf@papadoc.bayour.com>


Turbo Fredriksson wrote:
> CHROOT:/tmp/sample# ldapsearch -b "dc=com" -H ldaps:/// -I > ldap_sasl_interactive_bind_s: Unknown authentication method

Seems to be some signend/unsigned arithmetic mismatch. Try this in
cyrus-sasl/plugins:
--- gssapi.c.orig Mon Jan 22 17:52:32 2001
+++ gssapi.c   Tue Mar  6 23:05:48 2001
@@ -1243,7 +1243,7 @@

   /* need bits of layer */
   allowed = secprops.max_ssf - external;
-  need = secprops.min_ssf - external;
+  need = secprops.min_ssf <=  external ? 0 : secprops.min_ssf -
external;
   serverhas = ((char *)output_token->value)[0];

   /* if client didn't set use strongest layer available */


-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de

Follow-Ups:
- schemacheck not working?
  - From: "Steve Collins" <scollins@apexvoice.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Memory Leak?
Next by Date: schemacheck not working?
Index(es):
- Chronological
- Thread