[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd with SASL

To: Mark Adamson <adamson@andrew.cmu.edu>
Subject: Re: slurpd with SASL
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 09 Aug 2000 14:45:28 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <Pine.SOL.3.96L.1000809170834.614I-100000@nil.andrew.cmu.ed u>

At 05:21 PM 8/9/00 -0400, Mark Adamson wrote:
>An issue that I know will come up is that SASL+K4 requires a TGT to make
>the authentication. I did not want to put Kerberos function calls into
>slurpd to fetch a ticket from /etc/srvtab, since that breaks the intent of
>SASL, which is to free the application from having to write mechanism
>specific code.

I concur on this point as well.

>Therefore, the slurpd process needs to run as the child of
>a ticket refreshing program like "reauth" or "kauth".  What do people
>think of this requirement?  What requirements are there for other
>mechanisms people are using?

Or use the Kerberos/GSSAPI libraries default mechanism for obtaining
necessary bits...

Prev by Date: Re: slurpd with SASL
Next by Date: Re: slurpd with SASL
Index(es):
- Chronological
- Thread