[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL 2.1.2 GSSAPI and EXTERNAL clients broken

To: <cyrus-sasl@lists.andrew.cmu.edu>
Subject: SASL 2.1.2 GSSAPI and EXTERNAL clients broken
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 17 Apr 2002 16:04:38 -0700
Cc: <openldap-devel@OpenLDAP.org>
Importance: Normal
In-reply-to: <200204162157.g3GLvVua032313@lin2.andrew.cmu.edu>

Found another problem with our migration from 1.5 to 2.1; neither the GSSAPI
nor EXTERNAL client mechanisms work. (My previous testing against SASL 2 in
the OpenLDAP server was using a client linked with 1.5.27.) The problem is
that the canon_user function complains about the userid and authid being
NULL. Since both of these mechanisms get their username/credentials from
some other source, (X.509 certificate or Kerberos ticket) they're never set
within the SASL context. The 1.5 client mechanisms never cared. Is this a
bug in the LDAP client library because it never bothered to set these values
before, or is it a bug in the SASL client mechanisms (because they ought to
be fetching the names from their respective cert or ticket)?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Prev by Date: Re: How to store array of structures in LDAP directory???
Next by Date: RE: SASL 2.1.2 GSSAPI and EXTERNAL clients broken
Index(es):
- Chronological
- Thread