Separating the realm with GSSAPI and Kerberos

Brian Candler B.Candler at pobox.com
Fri Dec 31 08:56:04 EST 2010


On Fri, Dec 31, 2010 at 01:36:15PM +0000, Brian Candler wrote:
> Cyrus's sample-server uses sasl_getprop(...SASL_DEFUSERREALM...)
> whereas OpenLDAP uses sasl_getprop(...SASL_REALM...)

Actually that's wrong, OpenLDAP only uses SASL_REALM if the major version
number of the SASL library is < 2.

It looks like it uses the user_realm passed in the SASL_CB_CANON_USER
callback.

The question the becomes, is the user_realm supposed to contain the actual
realm of the client, or is it just the default realm?

Thanks,

Brian.


More information about the Cyrus-sasl mailing list