Re: Question on bind using Kerberos Service Ticket.

[Howard Chu <hyc@symas.com>]

Austin Cherian wrote:
> Thanks for the reply Howard, if i can further clarify what you mean is 
> that given the ldap_sasl_bind fucntion prototype below :
>
> ldap_sasl_bind(
> LDAP *ld,
> LDAP_CONST char *dn,
> LDAP_CONST char *mechanism,
> struct berval *cred,
> LDAPControl **sctrls,
> LDAPControl **cctrls,
> int *msgidp )
> i first call the Kerberos authentication functions to get the service 
> ticket to the ldap server. Next i can simply use the above fuction 
> specifying mechanism as "GSSAPI" and pointing cred to the Kerberos 
> service ticket i just got ?

Generally no. The SASL library may need to do other things with the session 
and credentials. You should use the ldap_sasl_interactive_bind_s() function 
instead.

> If this is right the ldap server will just verify the service ticket and 
> send back the response for the fucntion to return success.

Basically, yes.

> Is there anything else i need to take care of ?

If you use the ldap_sasl_interactive_bind_s() function, there's nothing else 
to take care of.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/