[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl-host ignored in GSSAPI authentication

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: RE: sasl-host ignored in GSSAPI authentication
From: Jeffrey Layton <jtlayton@poochiereds.net>
Date: Thu, 08 Apr 2004 15:00:38 -0400
Cc: openldap-software@OpenLDAP.org
In-reply-to: <399670125.1081425347@cadabra-dsl.stanford.edu>
References: <01e501c41d95$f283e800$1801a8c0@CELLO> <399670125.1081425347@cadabra-dsl.stanford.edu>

On Thu, 2004-04-08 at 14:55, Quanah Gibson-Mount wrote:
> That isn't exactly true, either... My ldap.conf points everything to 
> "ldap.stanford.edu" which is just an alias for a particular host at a given 
> point in time.  ldapsearch still does not ask for 
> "ldap/ldap.stanford.edu@stanford.edu", it asks for 
> "ldap/ldap7.stanford.edu@stanford.edu" or whatever host is currently 
> answering for ldap.stanford.edu.  Also, I'd think having the K5 keytab 
> principle be mismatched from the host.FQDN@REALM is going to cause problems 
> as well, in reading the K5 RFC...

So is there no way to force the value of the hostname portion of the
kerberos principal?
-- Jeff

References:
- RE: sasl-host ignored in GSSAPI authentication
  - From: "Howard Chu" <hyc@highlandsun.com>
- RE: sasl-host ignored in GSSAPI authentication
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: RE: sasl-host ignored in GSSAPI authentication
Next by Date: Re: sasl libraries
Index(es):
- Chronological
- Thread