
RE: Finding Kerberos server from IPv6 address in SASL binding



> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Friday, August 07, 2009 2:21 PM
> To: Xu, Qiang (FXSGSC)
> Cc: openldap-technical@openldap.org
> Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
> 
> What OS are you running on, and what version of OpenLDAP are 
> you using?

"Linux durian 2.6.18-128.1.6.el5.centos.plus #1 SMP Thu Apr 2 12:53:36 EDT 2009 i686 i686 i386 GNU/Linux" is the output of "uname -a".
 
> I suppose you could run ldapsearch -d -1 under strace, which 
> ought to make it clear what the full sequence of events is.

Yes, this is exactly what I did (ldapsearch -d -1 ...), but I failed to find where and when the Kerberos server is contacted. I do find a lot of LDAP sequences. :-(
 
> By default, on an OS that supports IPv6, libldap will use 
> getnameinfo() to do the reverse lookup from the address. If 
> your system's resolver is configured correctly, and your DNS 
> is configured correctly, then this should return the 
> canonical hostname corresponding to the IP address. The 
> result of this call is used in the sasl_client_new() function 
> as the name of the remote host, and so will be passed on to 
> the GSSAPI plugin.

Here, your "canonical name" means the server's FQDN? So, you mean sasl_client_new() is the API to find the server and send out the request TGS-REQ?

Thanks,
Xu Qiang