[Date Prev][Date Next]
Re: Question on bind using Kerberos Service Ticket.
Austin Cherian wrote:
Thanks for the reply Howard, if i can further clarify what you mean is
that given the ldap_sasl_bind fucntion prototype below :
LDAP_CONST char *dn,
LDAP_CONST char *mechanism,
struct berval *cred,
int *msgidp )
i first call the Kerberos authentication functions to get the service
ticket to the ldap server. Next i can simply use the above fuction
specifying mechanism as "GSSAPI" and pointing cred to the Kerberos
service ticket i just got ?
Generally no. The SASL library may need to do other things with the session
and credentials. You should use the ldap_sasl_interactive_bind_s() function
If this is right the ldap server will just verify the service ticket and
send back the response for the fucntion to return success.
Is there anything else i need to take care of ?
If you use the ldap_sasl_interactive_bind_s() function, there's nothing else
to take care of.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/