[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL_SUCCESS_DATA should be set (ITS#2202)



Have you already verified that this works? Since I have no GSS-SPNEGO mech to
test with, I can't check it myself. Why does slapd need to be changed, if
slapd doesn't use a mechanism with server-send-last functionality? Or are you
testing a GSS-SPNEGO implementation for slapd? (As opposed to testing the
client side, using a MS AD as the server.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of lukeh@padl.com
> Sent: Tuesday, November 26, 2002 2:39 AM
> To: openldap-its@OpenLDAP.org
> Subject: SASL_SUCCESS_DATA should be set (ITS#2202)
>
>
> Full_Name: Luke Howard
> Version: HEAD
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (165.228.130.11)
>
>
> In servers/slapd/sasl.c, when calling sasl_server_new(), you
> should pass
> SASL_SUCCESS_DATA as the second-last argument.
>
> Why? Some SASL mechanisms appear to send a final response
> with the last token.
> For example, Microsoft's GSS-SPNEGO mechanism appears not to
> do the SASL SSF
> negotiation, and so the final SPNEGO "accept completed" token
> is returned in a
> successful LDAP BindResponse PDU.
>
>
>
>