[Date Prev][Date Next]
RE: Finding Kerberos server from IPv6 address in SASL binding
> -----Original Message-----
> From: Howard Chu [mailto:email@example.com]
> Sent: Friday, August 07, 2009 2:21 PM
> To: Xu, Qiang (FXSGSC)
> Cc: firstname.lastname@example.org
> Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
> What OS are you running on, and what version of OpenLDAP are
> you using?
"Linux durian 2.6.18-128.1.6.el5.centos.plus #1 SMP Thu Apr 2 12:53:36 EDT 2009 i686 i686 i386 GNU/Linux" is the output of "uname -a".
> I suppose you could run ldapsearch -d -1 under strace, which
> ought to make it clear what the full sequence of events is.
Yes, this is exactly what I did (ldapsearch -d -1 ...), but I failed to find where and when the Kerberos server is contacted. I do find a lot of LDAP sequencies. :-(
> By default, on an OS that supports IPv6, libldap will use
> getnameinfo() to do the reverse lookup from the address. If
> your system's resolver is configured correctly, and your DNS
> is configured correctly, then this should return the
> canonical hostname corresponding to the IP address. The
> result of this call is used in the sasl_client_new() function
> as the name of the remote host, and so will be passed on to
> the GSSAPI plugin.
Here, your "canonical name" means the server's FQDN? So, you mean sasl_client_new() is the API to find the server and send out the request TGS-REQ?