
RE: Openldap crashes on GSSAPI authentication



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stephen Frost

> * Mitrana Cristian (cmitrana@xnet.ro) wrote:
> > From your slapd.conf:
> > [..]
> > # SASL Configuration
> > #sasl-realm	math.gatech.edu
> > #sasl-host	kerberos.math.gatech.edu
> >
> > Why are these commented? Shouldn't you set them right?
>
> You don't actually need them, really.  Supposedly if you don't set them
> things will work.  I've found that they do work but, for example, an
> ldapwhoami returns without the cn=REALM part.  I think that's wrong,
> though others may feel differently.  It shouldn't cause slapd to crash,
> certainly.

I agree with you, I think it's wrong that the SASL library omits the realm.
But I've already had this argument (and lost) on the SASL mailing list. This
is the way SASL has always worked, and always will work - when the user is
authenticating into the same realm as the server's default realm, SASL strips
the realm before passing it to the server. Feel free to dredge this topic
back up again on the Cyrus-SASL mailing lists. It's not an OpenLDAP issue.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
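
Added example, not part of the original message or of OpenLDAP's code: a small Python model of the realm stripping described above, checking that identity-mapping rules cover both DN forms a GSSAPI user can arrive with. It assumes the uid=<user>[,cn=<realm>],cn=gssapi,cn=auth layout slapd uses for SASL identities; the function names, the principals and the ou=people,dc=example,dc=com target are hypothetical, and the realm is taken from the commented sasl-realm line quoted above.

```python
import re

MECH = "gssapi"

def sasl_authc_dn(principal, default_realm):
    """Model of the authentication DN the server ends up with for a principal.

    As described in the message: when the user's realm equals the server's
    default realm, the realm is stripped before the server sees the name.
    """
    user, _, realm = principal.partition("@")
    if not realm or realm == default_realm:
        return f"uid={user},cn={MECH},cn=auth"
    return f"uid={user},cn={realm},cn={MECH},cn=auth"

# Hypothetical mapping rules in the style of authz-regexp (pattern, target).
# One rule per DN form, both anchored and pinned to a single realm, so a
# principal from any other realm is left unmapped.
RULES = [
    (r"^uid=([^,]+),cn=gssapi,cn=auth$",
     "uid=$1,ou=people,dc=example,dc=com"),
    (r"^uid=([^,]+),cn=math\.gatech\.edu,cn=gssapi,cn=auth$",
     "uid=$1,ou=people,dc=example,dc=com"),
]

def map_authc_dn(dn, rules=RULES):
    """Return the directory DN for the first matching rule, or None."""
    for pattern, target in rules:
        # Case-insensitive matching is an assumption of this model.
        m = re.match(pattern, dn, re.IGNORECASE)
        if m:
            return target.replace("$1", m.group(1))
    return None

if __name__ == "__main__":
    # Constructed principals; the second server has a different default realm.
    for principal, default in [
        ("alice@MATH.GATECH.EDU", "MATH.GATECH.EDU"),
        ("alice@MATH.GATECH.EDU", "OTHER.EXAMPLE"),
        ("bob@FOREIGN.EXAMPLE", "MATH.GATECH.EDU"),
    ]:
        dn = sasl_authc_dn(principal, default)
        print(f"{principal:24} -> {dn} -> {map_authc_dn(dn)}")
```

A rule set containing only the realm form would leave default-realm users unmapped, which is the case the ldapwhoami observation in the quoted text points at.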