[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: kerberos authentication disables normal operation?

To: Kent_Wu@trendmicro.com, openldap-software@OpenLDAP.org
Subject: RE: kerberos authentication disables normal operation?
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 23 Jun 2003 09:30:28 -0700
Content-disposition: inline
In-reply-to: <7DE4EF03D8D61B44B927E4A059B2644C3489F9@65-200-113-18.trendmicro.com>
References: <7DE4EF03D8D61B44B927E4A059B2644C3489F9@65-200-113-18.trendmicro .com>

--On Sunday, June 22, 2003 3:11 PM -0700 Kent_Wu@trendmicro.com wrote:

Hi Dieter:

	Yes, I used to use this format ldap/host@REALM while passing it to
gss_import_name() with the type GSS_C_NT_HOSTBASED_SERVICE in my Solaris
8 machine. However once I tried to integrate with MIT kerberos API to get
TGT, I need to use MIT's GSSAPI as well to resolve some library conflict
and MIT's GSSAPI doesn't have GSS_C_NT_HOSTBASED_SERVICE defined so that
I use gss_nt_service_name instead. The consequence of this is that I need
to use this format ldap@realm_name instead.

	The odd thing is it all works fine during the authentication phase
without any error returns, it just couldn't return entries while doing
the search, however it still returns normally without any errors.


Kent,

We use a mix of Heimdal & MIT Kerberos. ldap/<host>@REALM works just fine for us with both Heimdal & MIT. I don't see that using MIT Kerberos means you have to change the principal name...

--Quanah


--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- RE: kerberos authentication disables normal operation?
  - From: <Kent_Wu@trendmicro.com>

Prev by Date: error 65 when adding attributes
Next by Date: Re: error 65 when adding attributes
Index(es):
- Chronological
- Thread