[Date Prev][Date Next] [Chronological] [Thread] [Top]

case of service component in server principals

To: openldap-devel@OpenLDAP.org
Subject: case of service component in server principals
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Date: Wed, 15 Nov 2000 17:35:02 +0100
Newsgroups: comp.protocols.kerberos
Organization: DFN Directory Services, ZDV Uni Tübingen

Hi,
the GSSAPI mechanism included in the IBM SecureWay Directory Client SDK
uses tickets in which the service component of the server principal is
in capital letters, i.e. LDAP/server@REALM. 
OpenLDAP (with Cyrus SASL and MIT krb5) expects the service to be in
lower case though, i.e. ldap/server@REALM, and thus aborts with
"gss_accept_sec_context: Miscellaneous failure; Wrong principal in
request;"
rfc1510, 7.2.1 states that the hostname must be in lower case, but what
about the service name?

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de

Follow-Ups:
- Re: case of service component in server principals
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: LDAP on VMS
Next by Date: Re: case of service component in server principals
Index(es):
- Chronological
- Thread