Separating the realm with GSSAPI and Kerberos
Brian Candler
B.Candler at pobox.com
Fri Dec 31 08:56:04 EST 2010
On Fri, Dec 31, 2010 at 01:36:15PM +0000, Brian Candler wrote:
> Cyrus's sample-server uses sasl_getprop(...SASL_DEFUSERREALM...)
> whereas OpenLDAP uses sasl_getprop(...SASL_REALM...)
Actually that's wrong, OpenLDAP only uses SASL_REALM if the major version
number of the SASL library is < 2.
It looks like it uses the user_realm passed in the SASL_CB_CANON_USER
callback.
The question the becomes, is the user_realm supposed to contain the actual
realm of the client, or is it just the default realm?
Thanks,
Brian.
More information about the Cyrus-sasl
mailing list