[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)

To: Will Day <willday@rom.oit.gatech.edu>
Subject: Re: Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Date: Fri, 23 Mar 2001 11:32:33 +0100
Cc: openldap-software@OpenLDAP.org
Organization: DFN Directory Services, ZDV Uni Tübingen
References: <87bsrd1gb0.fsf_-_@papadoc.bayour.com> <20010322114352.A29428@rom.oit.gatech.edu>


Will Day wrote:
> 
> A short time ago, at a computer terminal far, far away, Turbo Fredriksson wrote:
> >> My last job learned me a valuable lesson if nothing else. Document
> >> all you do, so that you/someone else can do the same thing 'just
> >> in case'.
> >>
> >> I'll clean up my scribblings and write something for the OpenLDAP
> >> Faq-o-matic about getting all this (OpenLDAP2, SSL/TLS, SASL and
> >> KerberosV) to work together.
> >
> >I have the first draft at http://www.bayour.com/kerberos/Kerberos-MiniHOWTO.html.
> >
> >Please  review  it  and mail  me  any  comments  so all  this  'stupid
> 
> Thanks for putting this together.  I'm trying to help get something like
> this set up here, I'm still working out some issues.
> 
> One question I had about what you mentioned on the webpage was about the
> sasl gssapiv2 patch (#patch-sasl).  You mention:
> 
>    NOTE: According to a message on the openldap-software mailing list, this
>    was fixed some time ago in the CVS version of Cyrus SASL. So make sure
>    that you need the patch before applying it! The version of the file
>    plugins/gssapi.c in the cyrus-sasl source directory should be greater
>    than 1.39, that's when it was fixed. So if you have a version higher
>    than 1.39 you don't need to patch Cyrus-SASL.
> 
> I wasn't sure how to find the version of the file I have (this is the
> 1.5.24 tar from the ftp site); I didn't see a version number in the
> gssapi.c.  I pulled down the CVS image, and compared the gssapi.c there to
> the one from 1.5.24, but didn't see either of the changes in the two gssapi
> patches (gssapi.patch, gssapi2.patch), nor anything that seemed to (as far
> as I could tell) address the "realm" issue.
> 

You might want to try version 1.5.26 BETA annouced yesterday which
includes the patches:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/BETA/cyrus-sasl-1.5.26.tar.gz

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de

References:
- Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)
  - From: Will Day <willday@rom.oit.gatech.edu>

Prev by Date: userpassword question
Next by Date: filtering the search
Index(es):
- Chronological
- Thread