[Date Prev][Date Next]
Re: SASL interoperability fix (ITS#2994)
FWIW Cyrus SASL returns a zero-length string, not NULL, on the last
leg of a GSS-API authentication.
If we are to respect the difference between the two, shouldn't slapd
only return serverSaslCreds if the SASL library returns NULL?
I tested some alternative server implementations of the GSSAPI
- Active Directory returns serverSaslCreds with length zero
- PADL GSS-SASL doesn't return serverSaslCreds (as far as I can
tell from the code, I didn't actually look at a packet trace)
Did this ever come up in the working group?
We should find out what Sun DS 5.2 does for GSSAPI...