[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl-host ignored in GSSAPI authentication

--On Thursday, April 08, 2004 11:11 AM -0700 Howard Chu <hyc@highlandsun.com> wrote:

The sasl-host config in slapd.conf has absolutely nothing to do with the
service name that a client will request. The client generates a request
based on the server name that you provided to it. Check your ldap.conf

That isn't exactly true, either... My ldap.conf points everything to "ldap.stanford.edu" which is just an alias for a particular host at a given point in time. ldapsearch still does not ask for "ldap/ldap.stanford.edu@stanford.edu", it asks for "ldap/ldap7.stanford.edu@stanford.edu" or whatever host is currently answering for ldap.stanford.edu. Also, I'd think having the K5 keytab principle be mismatched from the host.FQDN@REALM is going to cause problems as well, in reading the K5 RFC...


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html