[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6757) SASL canonicalize doesn't work as documented

I get similar behaviour using Cyrus SASL's sample-client and sample-server:

Negotiation complete
Username: student@REALM3.WS.NSRC.ORG
Realm: (NULL)
SSF: 56

Now, in sample-server.c, the displayed realm comes from

  result = sasl_getprop(conn, SASL_DEFUSERREALM, (const void **)&data);

which suggests this is intended to be the default realm, not the realm of
the user connecting. And clearly the username does include the Kerberos

But I'm having difficulty finding the corresponding OpenLDAP code to extract
the realm.  Is it making use of session callbacks, and expects Cyrus to call
slap_sasl_canonicalize (SASL_CB_CANON_USER) with the user_realm parameter?