[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI, multiple aliases

I note that in addition to the Kerberos details
being hidden by GSSAPI, the GSSAPI issues are
hidden by the SASL "GSSAPI" mechanism, and these
hidden by Cyrus SASL.  slapd(8) makes no Kerberos(*)
or GSSAPI library calls itself.

(Excepting old LDAPv2 kbind cruft, not used here.)

At 07:41 AM 9/23/2004, Luke Howard wrote:

>>OpenLDAP doesn't make any decision at all. By its nature, the internal 
>>workings of Kerberos are completely hidden behind the GSSAPI layer and 
>>OpenLDAP knows nothing about it. You should ask on a mailing list for 
>>your Kerberos implementation how a Kerberized server works; they all 
>>work the same (otherwise there would be no interoperability, would 
>IIRC the canonical hostname of the machine is used, at least with
>Heimdal (gethostbyname(gethostname()), for servers that don't acquire
>a specific credential before calling GSS_Accept_Sec_Context().
>-- Luke