[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI, multiple aliases

To: hyc@symas.com
Subject: Re: GSSAPI, multiple aliases
From: Luke Howard <lukeh@padl.com>
Date: Fri, 24 Sep 2004 00:41:54 +1000
Cc: matt.smith@uconn.edu, openldap-software@OpenLDAP.org
Organization: PADL Software Pty Ltd
References: <1095700606.27010.91.camel@d80h243> <1095941946.4821.1.camel@d80h243> <4152C871.9040201@symas.com>
Versions: dmail (bsd44) 2.6d/makemail 2.10

>OpenLDAP doesn't make any decision at all. By its nature, the internal 
>workings of Kerberos are completely hidden behind the GSSAPI layer and 
>OpenLDAP knows nothing about it. You should ask on a mailing list for 
>your Kerberos implementation how a Kerberized server works; they all 
>work the same (otherwise there would be no interoperability, would 
>there...).

IIRC the canonical hostname of the machine is used, at least with
Heimdal (gethostbyname(gethostname()), for servers that don't acquire
a specific credential before calling GSS_Accept_Sec_Context().

-- Luke

--

Follow-Ups:
- Re: GSSAPI, multiple aliases
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- GSSAPI, multiple aliases
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>
- Re: GSSAPI, multiple aliases
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>
- Re: GSSAPI, multiple aliases
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: GSSAPI, multiple aliases
Next by Date: Re: GSSAPI, multiple aliases
Index(es):
- Chronological
- Thread