[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos 5 Support for OpenLDAP-release

At 05:43 PM 9/22/99 -0700, Booker Bense wrote:
>- I don't know enough of the logic of how ldap_init works to know
>what the right thing to do here is. I think I could cobble up a patch
>using ldo_defhost, but I'm not sure that's the correct thing to do. 

Well, if no connection, you could do an ldo_defhost->IP->name, but...

>I looked at ITS 268, and the more that I think about it the more
>I'm convinced that the ticket has to be constructed after the 
>connection is opened.

I agree. ldap_kerberos_bind*() should open connection (if
necessary) before attempting to generate the ticket.  This could
be done by splitting out the post-init part of ldap_open into a
subroutine that ldap_open(), ldap_send_initial_result(),
and ldap_kerberos_bind*() could call.