[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Finding Kerberos server from IPv6 address in SASL binding

> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Friday, August 07, 2009 2:21 PM
> To: Xu, Qiang (FXSGSC)
> Cc: openldap-technical@openldap.org
> Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
> I suppose you could run ldapsearch -d -1 under strace, which 
> ought to make it clear what the full sequence of events is.
> By default, on an OS that supports IPv6, libldap will use 
> getnameinfo() to do the reverse lookup from the address. If 
> your system's resolver is configured correctly, and your DNS 
> is configured correctly, then this should return the 
> canonical hostname corresponding to the IP address. The 
> result of this call is used in the sasl_client_new() function 
> as the name of the remote host, and so will be passed on to 
> the GSSAPI plugin.

It seems sasl_client_new() is connecting to the LDAP server, not Kerberos server. I want to know that how the Kerberos server comes into play. Does OpenLDAP pass anything to Cyrus SASL library to let it know where the Kerberos server lies? 

Xu Qiang