[Date Prev][Date Next]
Re: Finding Kerberos server from IPv6 address in SASL binding
Xu, Qiang (FXSGSC) wrote:
From: Howard Chu [mailto:firstname.lastname@example.org]
Sent: Friday, August 07, 2009 2:21 PM
To: Xu, Qiang (FXSGSC)
Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
By default, on an OS that supports IPv6, libldap will use
getnameinfo() to do the reverse lookup from the address. If
your system's resolver is configured correctly, and your DNS
is configured correctly, then this should return the
canonical hostname corresponding to the IP address. The
result of this call is used in the sasl_client_new() function
as the name of the remote host, and so will be passed on to
the GSSAPI plugin.
By the way, sasl_client_new() connects to the Kerberos server, or the LDAP
server? I suppose it is the former, isn't it?
Your use of terminology here is unclear. The subject implies that you're
asking about the IP address of the Kerberized server, i.e., the server that
will use a service ticket from a client to authenticate the client. This is
obviously the same machine as the LDAP server, since it is in fact that LDAP
server you're trying to authenticate to.
If you're actually talking about the Kerberos KDC, which hands out tickets to
clients, its address obviously has nothing to do with any IPv6 address that
OpenLDAP passed to SASL.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/