multi-realm openldap authentication

Jeremiah Martell inlovewithgod at gmail.com
Mon Sep 19 11:28:13 EDT 2005


I'm using openldap and cyrus sasl (GSSAPI) for authenticating into an ldap 
server. I can successfully log into a single realm, and if the ldap 
directory is in the same realm as I log into, I can use cyrus sasl (GSSAPI) 
to log into the ldap directory.

The problem is when the realm I log into and the ldap directory are in 
separate realms. I can authenticate into my realm, but then my code doesn't 
traverse the trust between realms to get to the ldap directory.

I'm using: ldap_sasl_interactive_bind_s(), and in my callback I attempt to 
pass back valid settings, but to no use. Looking at the network traffic with 
ethereal shows that I'm passing the Server Principal Name as: "krbtgt/.". A 
period (.) versus a realm.

I know my servers/realms are set up correctly because another application can 
do multi-realm GSSAPI authentication correctly.

Any ideas? I would really appreciate any help on this.

Thanks,
- Jeremiah
inlovewithGod at gmail.com