
RE: sasl-host ignored in GSSAPI authentication

Quanah's post is correct. Kerberos always uses the official name of a host,
not CNAMEs.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jeffrey Layton

> On Thu, 2004-04-08 at 14:11, Howard Chu wrote:
> > The sasl-host config in slapd.conf has absolutely nothing to do with the
> > service name that a client will request. The client generates a request based
> > on the server name that you provided to it. Check your ldap.conf file.
> The URI in ldap.conf seems to be correct, it's set to (the equivalent
> of):
>     URI ldap://ldap.domain.net/
> I also tried using:
>     ldapsearch -H 'ldap://ldap.domain.net/'
> and still got the same hostname in the principal. Any clues?
> -- Jeff
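
The name resolution behind the behaviour discussed in this thread, as an added example that is not code from OpenLDAP, Cyrus SASL or either poster: it derives the service principal a client would request for a given URI host, so it can be compared with the principals in the server's keytab. The forward-then-reverse lookup order, the helper names, and the constructed DNS records (host1.domain.net, 192.0.2.10, realm DOMAIN.NET) are assumptions for illustration.

```python
import socket

def _sys_forward(name):
    # Forward lookup asking the resolver for the canonical (official) name.
    info = socket.getaddrinfo(name, 389, type=socket.SOCK_STREAM,
                              flags=socket.AI_CANONNAME)
    _family, _type, _proto, canonname, sockaddr = info[0]
    return (canonname or name), sockaddr[0]

def _sys_reverse(ip):
    # Reverse (PTR) lookup of the address the client connected to.
    return socket.gethostbyaddr(ip)[0]

def canonical_host(name, forward=_sys_forward, reverse=_sys_reverse):
    """Official host name for `name`: CNAMEs followed, then PTR if one exists."""
    canon, ip = forward(name)
    try:
        canon = reverse(ip)
    except OSError:
        pass  # no PTR record: keep the forward canonical name
    return canon.rstrip(".").lower()

def expected_principal(uri_host, realm, **resolvers):
    # "ldap" is the service name used for LDAP with GSSAPI.
    return f"ldap/{canonical_host(uri_host, **resolvers)}@{realm}"

# Constructed DNS data: the URI host is a CNAME for the real machine.
CNAME = {"ldap.domain.net": "host1.domain.net"}
A = {"host1.domain.net": "192.0.2.10", "nopr.domain.net": "192.0.2.20"}
PTR = {"192.0.2.10": "host1.domain.net"}

def fake_forward(name):
    canon = CNAME.get(name, name)
    return canon, A[canon]

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

if __name__ == "__main__":
    # Offline run against the constructed records above.
    print(expected_principal("ldap.domain.net", "DOMAIN.NET",
                             forward=fake_forward, reverse=fake_reverse))
```

Called without the `forward` and `reverse` arguments, `expected_principal` uses the system resolver, which shows the name the local machine actually resolves the URI host to.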