multi-realm openldap authentication
Jeremiah Martell
inlovewithgod at gmail.com
Mon Sep 19 11:28:13 EDT 2005
I'm using openldap and cyrus sasl (GSSAPI) for authenticating into an ldap
server. I can successfully log into a single realm, and if the ldap
directory is in the same realm as I log into, I can use cyrus sasl (GSSAPI)
to log into the ldap directory.
The problem is when the realm I log into and the ldap directory are in
separate realms. I can authenticate into my realm, but then my code doesn't
traverse the trust between realms to get to the ldap directory.
I'm using: ldap_sasl_interactive_bind_s(), and in my callback I attempt to
pass back valid settings, but to no use. Looking at the network traffic with
ethereal shows that I'm passing the Server Principal Name as: "krbtgt/.". A
period (.) versus a realm.
I know my servers/realms are set up correctly because another application can
do multi-realm GSSAPI authentication correctly.
Any ideas? I would really appreciate any help on this.
Thanks,
- Jeremiah
inlovewithGod at gmail.com