[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI, multiple aliases

>OpenLDAP doesn't make any decision at all. By its nature, the internal 
>workings of Kerberos are completely hidden behind the GSSAPI layer and 
>OpenLDAP knows nothing about it. You should ask on a mailing list for 
>your Kerberos implementation how a Kerberized server works; they all 
>work the same (otherwise there would be no interoperability, would 

IIRC the canonical hostname of the machine is used, at least with
Heimdal (gethostbyname(gethostname()), for servers that don't acquire
a specific credential before calling GSS_Accept_Sec_Context().

-- Luke