[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL/Kerberos V4 & openldap

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: RE: SASL/Kerberos V4 & openldap
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 31 Oct 2002 11:23:55 -0800
Cc: Howard Chu <hyc@highlandsun.com>, openldap-software@OpenLDAP.org
In-reply-to: <773911185.1036062136@cadabra.stanford.edu>
References: <5.1.0.14.0.20021031083343.038e0a48@127.0.0.1> <026901c2809d$d9883b80$0e01a8c0@CELLO> <026901c2809d$d9883b80$0e01a8c0@CELLO> <5.1.0.14.0.20021031083343.038e0a48@127.0.0.1>

It's likely a similar issue.  Try requesting no security
layers (as local/remote IPs are needed for this).

At 11:02 AM 2002-10-31, Quanah Gibson-Mount wrote:


>--On Thursday, October 31, 2002 8:40 AM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
>
>>See <http://www.openldap.org/its/?findid=1120>.
>
>Kurt,
>
>Please note that we are using cyrus-sasl-2.1.9.  The issue you refer me to deals with cyrus-sasl-1.*, and its problems with SASL_IP_REMOTE and SASL_IP_LOCAL, which are not part of the cyrus-sasl-2.* series.  Given I can do successful authentication with the sample server/client, something else must be the issue here.
>
>--Quanah
>
>
>>At 04:08 AM 2002-10-31, Quanah Gibson-Mount wrote:
>>
>>
>>>--On Wednesday, October 30, 2002 21:24:55 -0800 Howard Chu
>>><hyc@highlandsun.com> wrote:
>>>
>>>>This looks like a bug in the SASL KerberosIV mechanism. Have you
>>>>actually gotten a successful authentication using the SASL sample
>>>>client with the SASL server?
>>>
>>>Howard,
>>>
>>>Using the SASL sample client & server, I am able to successfully do
>>>Kerberos V4 authentication:
>>>
>>>
>>>./client -s ldap -m KERBEROS_V4 -p 99 ldap1.Stanford.EDU
>>>receiving capability list... recv: {24}
>>>PLAIN GSSAPI KERBEROS_V4
>>>PLAIN GSSAPI KERBEROS_V4
>>>send: {11}
>>>KERBEROS_V4
>>>send: {1}
>>>N
>>>recv: {4}
>>>[D0][F8]][F1]
>>>send: {117}
>>>[4][6][0]IR.STANFORD.EDU[0]8([EB]V[C1][84][88][C0][88][C9]_[9D][9C][D4][
>>>11]
>>>[8B]F[94][0][8D]9s[C9]o[1A][DC][A].E[C4]7[DA][A9][C5]?i[CF][A4][B4]H[E3]
>>>[97
>>>]IT[8E]:[ED]}[F8][D2][CC]?[B0][CC][E5][E3][E9]Kb[9C][15]H<s[B5]E[E0][D3]
>>>[11
>>>][CC][CB]/[B2][CA][DD][E4]vAJ|q[A9]\[BC]/[A9]"[E8][14]\[1]V[F5][1D][B6][
>>>C1] [AB]F
>>>recv: {8}
>>>[98]i?[1E][D6]JM[8C]
>>>please enter an authorization id: quanah
>>>send: {16}
>>>[E]ZK[7][C5][D2][C][8D][D9][AA][C2][A]H[97][15]R
>>>successful authentication
>>>closing connection
>>>
>>>--Quanah
>>>
>>>--
>>>Quanah Gibson-Mount
>>>Senior Systems Administrator
>>>ITSS/TSS/Computing Systems
>>>Stanford University
>
>
>
>--
>Quanah Gibson-Mount
>Senior Systems Administrator
>ITSS/TSS/Computing Systems
>Stanford University
>GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- RE: SASL/Kerberos V4 & openldap
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- RE: SASL/Kerberos V4 & openldap
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- RE: SASL/Kerberos V4 & openldap
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- RE: SASL/Kerberos V4 & openldap
  - From: "Howard Chu" <hyc@highlandsun.com>
- RE: SASL/Kerberos V4 & openldap
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: RE: SASL/Kerberos V4 & openldap
Next by Date: Re: A Beginer Question .. HELP!
Index(es):
- Chronological
- Thread