
RE: Finding Kerberos server from IPv6 address in SASL binding



> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Friday, August 07, 2009 2:21 PM
> To: Xu, Qiang (FXSGSC)
> Cc: openldap-technical@openldap.org
> Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
> 
> I suppose you could run ldapsearch -d -1 under strace, which 
> ought to make it clear what the full sequence of events is.
> 
> By default, on an OS that supports IPv6, libldap will use 
> getnameinfo() to do the reverse lookup from the address. If 
> your system's resolver is configured correctly, and your DNS 
> is configured correctly, then this should return the 
> canonical hostname corresponding to the IP address. The 
> result of this call is used in the sasl_client_new() function 
> as the name of the remote host, and so will be passed on to 
> the GSSAPI plugin.

It seems sasl_client_new() is connecting to the LDAP server, not the Kerberos server. I want to know how the Kerberos server comes into play. Does OpenLDAP pass anything to the Cyrus SASL library to let it know where the Kerberos server lies?

Thanks,
Xu Qiang
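
The reverse lookup described in the quoted reply (IPv6 address, then getnameinfo(), then a host name) can be reproduced outside libldap to see which name the resolver returns. This is an added example, not code from the thread or from OpenLDAP; `reverse_lookup6` and `BAD_LITERAL` are hypothetical names, the use of `NI_NAMEREQD` is this example's choice, and `::1` is a constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define BAD_LITERAL 1000   /* hypothetical sentinel, outside the EAI_* range */

/* Hypothetical helper: address -> getnameinfo() -> host name, the step the
 * quoted paragraph describes. NI_NAMEREQD makes a missing reverse record an
 * error instead of silently yielding the numeric form; NI_NUMERICHOST skips
 * the lookup. Returns 0, BAD_LITERAL, or an EAI_* code from getnameinfo(). */
int reverse_lookup6(const char *literal, int flags, char *host, size_t hostlen)
{
    struct sockaddr_in6 sa;

    memset(&sa, 0, sizeof sa);
    sa.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, literal, &sa.sin6_addr) != 1)
        return BAD_LITERAL;
    return getnameinfo((struct sockaddr *)&sa, sizeof sa,
                       host, (socklen_t)hostlen, NULL, 0, flags);
}

int main(int argc, char **argv)
{
    const char *addr = argc > 1 ? argv[1] : "::1";  /* constructed sample */
    char host[1025];
    int rc = reverse_lookup6(addr, NI_NAMEREQD, host, sizeof host);

    if (rc == BAD_LITERAL) {
        fprintf(stderr, "%s: not an IPv6 literal\n", addr);
        return 2;
    }
    if (rc != 0) {
        /* Resolver returned no name: report why, then show the numeric form. */
        fprintf(stderr, "reverse lookup failed: %s\n", gai_strerror(rc));
        if (reverse_lookup6(addr, NI_NUMERICHOST, host, sizeof host) != 0)
            return 2;
    }
    printf("%s -> %s\n", addr, host);
    return rc ? 1 : 0;
}
```

Run it with the LDAP server's IPv6 address as the argument; the printed name is what the system resolver returns for that address.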