Re: openldap 2.4.6 and GSSAPI/kerberos


Usually one would expect "3:" to come after "2:" ...
Heh, fair enough.

You haven't read the documentation. Section 13.2.4:
Note also that the realm part will be omitted if the default realm was used in the authentication.

The SASL library always omits the realm if it matches the default realm. This is also documented in the FAQ and the Cyrus SASL docs.

Ok, fair enough, and it's what I was intuitively guessing; I just wanted to make sure that I wasn't opening myself up in the event that I enabled cross-realm keys and the realm was ignored. This is amazingly unclear in section 13.2.1, where it discusses "your realm" 'EXAMPLE.COM' and setting the cn to be that explicitly, especially given that the mapping section is referenced with the note that you don't have to do this.

I'll write a request off to the documentation people to fix these, or to at least make it more obvious.

David E. Cross
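
Added example, not part of the original message or of OpenLDAP: a simplified Python model of the behaviour discussed above, where the realm RDN is omitted from the GSSAPI authentication DN only for the default realm, and of how a mapping rule that discards the realm would merge a cross-realm principal with a local one. The realm names, principals, directory suffix and both rule sets are constructed, and the regex handling only approximates slapd's authz-regexp matching.

```python
import re

DEFAULT_REALM = "EXAMPLE.COM"  # assumed default realm, as in the guide's example


def sasl_authc_dn(principal, default_realm=DEFAULT_REALM):
    """Model the GSSAPI authentication DN: the cn=<realm> RDN is
    dropped when the principal's realm equals the default realm."""
    user, _, realm = principal.partition("@")
    realm = realm or default_realm
    rdns = ["uid=" + user]
    if realm.upper() != default_realm.upper():
        rdns.append("cn=" + realm.lower())  # modelled as lower-cased
    return ",".join(rdns + ["cn=gssapi", "cn=auth"])


# Hypothetical mapping rules in authz-regexp style: (pattern, replacement).
# Maps only DNs with no realm RDN, i.e. default-realm principals.
LOCAL_ONLY = [(r"^uid=([^,/]+),cn=gssapi,cn=auth$",
               r"uid=\1,ou=people,dc=example,dc=com")]
# Over-broad: an optional realm RDN is matched and then thrown away.
REALM_BLIND = [(r"^uid=([^,/]+)(,cn=[^,]+)?,cn=gssapi,cn=auth$",
                r"uid=\1,ou=people,dc=example,dc=com")]


def map_dn(authc_dn, rules):
    """Apply the first matching rule; an unmatched DN is left as it is."""
    for pattern, repl in rules:
        m = re.match(pattern, authc_dn, re.IGNORECASE)
        if m:
            return m.expand(repl)
    return authc_dn


def colliding_principals(principals, rules):
    """Return mapped DNs that more than one principal ends up sharing."""
    by_dn = {}
    for p in principals:
        by_dn.setdefault(map_dn(sasl_authc_dn(p), rules), []).append(p)
    return {dn: ps for dn, ps in by_dn.items() if len(ps) > 1}


# Constructed principals: same user name in the default and a foreign realm.
SAMPLE = ["alice@EXAMPLE.COM", "alice@OTHER.ORG"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", sasl_authc_dn(p))
    print("local-only collisions: ", colliding_principals(SAMPLE, LOCAL_ONLY))
    print("realm-blind collisions:", colliding_principals(SAMPLE, REALM_BLIND))
```
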