Re: ldap_sasl_interactive_bind_s

[Jeremiah Martell <inlovewithgod@gmail.com>]

Dieter,

Thanks for the reply. However, my system is setup correctly for cross-realm 
authentication. I have another application that does it perfectly fine, so 
it's not how my system are setup.

Doing an ethereal on both applications (the one that works, and mine), it 
seems that the one that works correctly walks around the realms successfully 
until it gets to the realm with the ldap server in it. While my application 
requests a ticket for "krbtgt .". The dot is the difference. The system that 
works asks for a ticket for a valid realm, while my application is asking 
for a ticket for dot (.).

Anybody have any experience on how to correctly use 
ldap_sasl_interactive_bind_s? I know my "interact function" get's asked for 
some values, and currently I return nothing. I've tried to return a valid 
realm but it doesn't seem to get used (verified with ethereal). Any ideas?

Thanks,

- Jeremiah
inlovewithGod@gmail.com

On 9/16/05, Dieter Kluenter <dieter@dkluenter.de> wrote:
> 
> Jeremiah Martell <inlovewithgod@gmail.com> writes:
> 
> > Hello,
> >
> > Is there any documentation on this function? I'm able to get openldap to
> > successfully use this function to authenticate to a ldap directory with
> > SASL/GSSAPI when my kerberos credentials and the ldap directory are in 
> the
> > same realm. But when my credentials and the ldap directory are in 
> different
> > realms, it's failing. I'm not sure what to pass this function to make
> > multi-realm logins work. Any ideas?
> 
> This is a kerberos related question. Set up your system to cross realm
> authentication and two way trust relation.
> 
> -Dieter
> 
> --
> Dieter Klünter | Systemberatung
> http://www.dkluenter.de
> GPG Key ID:8EF7B6C6
> 
>