[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl-host ignored in GSSAPI authentication

To: "'Jeffrey Layton'" <jtlayton@poochiereds.net>
Subject: RE: sasl-host ignored in GSSAPI authentication
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 8 Apr 2004 12:09:59 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <1081449264.23921.80.camel@tesla.mmt.bellhowell.com>

Quanah's post is correct. Kerberos always uses the official name of a host,
not CNAMEs.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jeffrey Layton

> On Thu, 2004-04-08 at 14:11, Howard Chu wrote:
> > The sasl-host config in slapd.conf has absolutely nothing
> to do with the
> > service name that a client will request. The client
> generates a request based
> > on the server name that you provided to it. Check your
> ldap.conf file.
>
> The URI in ldap.conf seems to be correct, it's set to (the equivalent
> of):
>
>     URI ldap://ldap.domain.net/
>
> I also tried using:
>
>     ldapsearch -H 'ldap://ldap.domain.net/'
>
> and still got the same hostname in the principal. Any clues?
>
> -- Jeff
>
>
>

References:
- RE: sasl-host ignored in GSSAPI authentication
  - From: Jeffrey Layton <jtlayton@poochiereds.net>

Prev by Date: Re: FW: programming using ldap api calls
Next by Date: RE: back_ldap.so.2: undefined symbol: rewrite_info_init
Index(es):
- Chronological
- Thread