[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question on bind using Kerberos Service Ticket.

Austin Cherian wrote:
Thanks for the reply Howard, if i can further clarify what you mean is that given the ldap_sasl_bind fucntion prototype below :

LDAP *ld,
LDAP_CONST char *dn,
LDAP_CONST char *mechanism,
struct berval *cred,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
i first call the Kerberos authentication functions to get the service ticket to the ldap server. Next i can simply use the above fuction specifying mechanism as "GSSAPI" and pointing cred to the Kerberos service ticket i just got ?

Generally no. The SASL library may need to do other things with the session and credentials. You should use the ldap_sasl_interactive_bind_s() function instead.

If this is right the ldap server will just verify the service ticket and send back the response for the fucntion to return success.

Basically, yes.

Is there anything else i need to take care of ?

If you use the ldap_sasl_interactive_bind_s() function, there's nothing else to take care of.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/