
RE: kerberos authentication disables normal operation?

--On Sunday, June 22, 2003 3:11 PM -0700 Kent_Wu@trendmicro.com wrote:

Hi Dieter:

	Yes, I used to use this format ldap/host@REALM while passing it to
gss_import_name() with the type GSS_C_NT_HOSTBASED_SERVICE on my Solaris
8 machine. However, once I tried to integrate with the MIT Kerberos API to get
a TGT, I need to use MIT's GSSAPI as well to resolve some library conflict,
and MIT's GSSAPI doesn't have GSS_C_NT_HOSTBASED_SERVICE defined, so
I use gss_nt_service_name instead. The consequence of this is that I need
to use this format ldap@realm_name instead.

	The odd thing is that it all works fine during the authentication phase
without any errors returned; it just couldn't return entries while doing
the search, yet it still returns normally without any errors.


We use a mix of Heimdal & MIT Kerberos. ldap/<host>@REALM works just fine for us with both Heimdal & MIT. I don't see that using MIT Kerberos means you have to change the principal name...


--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html